I've received this email after publishing my app on playstore:
Hello Google Play Developer,
We reviewed [MyAppName], with package name com.example.myappname, an
They actually provide one with all one needs to know; see support.google.com:
Implementations of openFile in exported ContentProviders can be vulnerable if they do not properly validate incoming Uri parameters. A malicious app can supply a crafted Uri (for example, one that contains “/../”) to trick your app into returning a ParcelFileDescriptor for a file outside of the intended directory, thereby allowing the malicious app to access any file accessible to your app.

The FileProvider must reject any Uri containing ..
...which are deemed "exploitable".
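The support text quoted above describes the defect in general terms. The following is an added illustration (not code from the question, the answer, or Google's support page) of what a hardened openFile looks like: it refuses any ".." path segment, as the guidance requires, and additionally canonicalises the resolved file and checks that it still lies under the directory the provider is meant to serve, which also catches escapes through symlinks. The base directory name "shared" and the class name SafeFileProvider are assumptions made for the example.

```java
import android.content.ContentProvider;
import android.content.ContentValues;
import android.database.Cursor;
import android.net.Uri;
import android.os.ParcelFileDescriptor;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;

// Illustrative example, not from the original page. Assumes the provider serves
// files only from <filesDir>/shared and that the Uri path names a file relative
// to that directory.
public class SafeFileProvider extends ContentProvider {

    private File baseDir;

    @Override
    public boolean onCreate() {
        baseDir = new File(getContext().getFilesDir(), "shared"); // assumed location
        return true;
    }

    // Hardened openFile: only files that resolve inside baseDir are opened, and
    // always read-only, so a crafted Uri with "/../" cannot reach other app files.
    @Override
    public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
        File target = resolveInsideBase(uri);
        if (target == null) {
            throw new FileNotFoundException("Rejected path: " + uri);
        }
        return ParcelFileDescriptor.open(target, ParcelFileDescriptor.MODE_READ_ONLY);
    }

    // Returns the File for uri, or null when the Uri must be rejected.
    File resolveInsideBase(Uri uri) {
        String path = uri.getPath();
        if (path == null || path.isEmpty()) {
            return null;
        }
        // First check, as the Google guidance states: no ".." segment at all.
        // getPathSegments() returns decoded segments, so "%2e%2e" is caught too.
        for (String segment : uri.getPathSegments()) {
            if ("..".equals(segment)) {
                return null;
            }
        }
        try {
            // Second check: the canonical path must stay under the canonical base.
            // This also rejects files reached through symlinks that point outside.
            String base = baseDir.getCanonicalPath() + File.separator;
            File candidate = new File(baseDir, path);
            String resolved = candidate.getCanonicalPath();
            if (!resolved.startsWith(base)) {
                return null;
            }
            return candidate;
        } catch (IOException e) {
            return null;
        }
    }

    // The remaining ContentProvider methods are not used by this example.
    @Override public Cursor query(Uri u, String[] p, String s, String[] a, String o) { return null; }
    @Override public String getType(Uri u) { return null; }
    @Override public Uri insert(Uri u, ContentValues v) { return null; }
    @Override public int delete(Uri u, String s, String[] a) { return 0; }
    @Override public int update(Uri u, ContentValues v, String s, String[] a) { return 0; }
}
```

The ".." segment check alone satisfies the wording of the warning, but the canonical-path comparison is the check that actually enforces the intended directory, since it reasons about where the path ends up rather than about what it contains. If the app does not need a custom provider at all, the AndroidX FileProvider class already performs this kind of containment check against the paths declared in its XML configuration.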