1

I want my ContentProvider to be available in my application only. For this purpose I set the exported attribute of the ContentProvider to false:

android:exported="false"

This works fine, and Android throws a SecurityException whenever some other app tries to access the ContentProvider.

Question: Does it make sense to add "signature protection permission" as an additional protection?

The application consists of multiple processes, and the ContentProvider is used for inter-process communication. There is no need to communicate with other apps.

Thank you

Mickey Tin

2 Answers

1

Yes, this is the most secure way to protect the content provider, with a permission you define. Make it a signature permission so only apps signed with your certificate are allowed to get it.

You can also refer to the developer console.

vishal jangid
  • Thanks for the answer. I'm curious if it's needed at all, because there is no intention of communicating with other apps? – Mickey Tin Sep 25 '17 at 09:28
1

It's possible, and useful if the minimum level of your application is lower than 17:

Because this attribute was introduced in API level 17, all devices running API level 16 and lower behave as though this attribute is set "true".

bwt
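An added example, not part of the original question or answers: a Python check over a merged manifest that applies the rule quoted in the second answer (exported="false" is only honoured from API level 17) and reports whether each provider is also guarded by a signature-level permission. The manifest, package name, provider names and permission name are constructed for illustration, and the script assumes minSdkVersion appears in the manifest as an integer.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not from the original post); all names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="26"/>
  <permission android:name="com.example.app.permission.IPC"
      android:protectionLevel="signature"/>
  <application>
    <provider android:name=".GuardedProvider"
        android:authorities="com.example.app.guarded"
        android:exported="false"
        android:permission="com.example.app.permission.IPC"/>
    <provider android:name=".BareProvider"
        android:authorities="com.example.app.bare"
        android:exported="false"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return {provider name: finding} for every <provider> in the manifest."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    min_sdk = int(sdk.get(ANDROID + "minSdkVersion", "1")) if sdk is not None else 1
    # Permissions this app itself declares with protectionLevel exactly "signature".
    signature_perms = {
        p.get(ANDROID + "name") for p in root.iter("permission")
        if p.get(ANDROID + "protectionLevel") == "signature"
    }
    findings = {}
    for prov in root.iter("provider"):
        name = prov.get(ANDROID + "name")
        exported = prov.get(ANDROID + "exported")
        read = prov.get(ANDROID + "readPermission") or prov.get(ANDROID + "permission")
        write = prov.get(ANDROID + "writePermission") or prov.get(ANDROID + "permission")
        guarded = read in signature_perms and write in signature_perms
        if guarded:
            findings[name] = "ok: signature permission on read and write"
        elif exported == "false" and min_sdk >= 17:
            findings[name] = "ok: exported=false honoured on all supported devices"
        elif exported == "false":
            findings[name] = "warn: exported=false ignored on API <= 16"
        else:
            findings[name] = "warn: exported or default, no signature permission"
    return findings
```
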