I am learning some basic knowledge in Android. Now, I am dealing with ContentProvider. Many post said that we should use content provider for data sharing between application.
After a few days researching, I totally agree that it is quite convenience to use ContentProvider in Android. However, there is a security problem.
We all know that content provider uri always has content:// at the beginning. By that way, I can use some tools (Total Commander for example) to find out the word content:// in a specific file and figure out everything we need to access the data.
Following, I am able to create an application which access the data of another application by using that uri.
Did I miss something in ContentProvider which are use to prevent this security problem from happening?
ADD 1:
We know that we are able to convert from an .apk file to source. By that way, the hackers are able to figure out the uri which is used for access the data.
After a few hours research, I know we can set permission (readPermission and writePermission) but hackers could know exactly where it is and they can add the permission to their apps and continue to access our app's data.
Is there anyway to hide or just allow some specific apps access to our data by using ContentProvider?
Any help would be appreciated. Thank you in advance!
