Your app(s) are using a content provider with an unsafe implementation of openFile

Happy的楠姐 2021-02-14 13:52

I've received this email after publishing my app on playstore:

Hello Google Play Developer,

We reviewed [MyAppName], with package name com.example.myappname, an

2 Answers
  • 2021-02-14 14:08

    They actually provide one with all one needs to know; see support.google.com:

    Implementations of openFile in exported ContentProviders can be vulnerable if they do not properly validate incoming Uri parameters. A malicious app can supply a crafted Uri (for example, one that contains “/../”) to trick your app into returning a ParcelFileDescriptor for a file outside of the intended directory, thereby allowing the malicious app to access any file accessible to your app.

    The FileProvider must reject any Uri containing .. ...which are deemed "exploitable".

  • 2021-02-14 14:14

    Don't put "." in the path, instead, give the name of the folder that you wanna use.

    For example, if you want to access/use Download folder then in provider_paths.xml:

    <?xml version="1.0" encoding="utf-8"?>
    <paths>
        <external-path
            name="downloads"
            path="Download/" />
    </paths>
    
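The Uri validation that the Google guidance quoted in the first answer calls for, as an added example that is not part of the original answers or of Google's own code. The class name `SharedFilesProvider` and the `shared` directory are hypothetical; the provider is assumed to serve read-only files from a single directory.

```java
import android.content.ContentProvider;
import android.content.ContentValues;
import android.database.Cursor;
import android.net.Uri;
import android.os.ParcelFileDescriptor;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;

// Hypothetical provider; the class name and the "shared" directory are assumptions.
public class SharedFilesProvider extends ContentProvider {
    // Only files under <app files dir>/shared are meant to be served.
    private File baseDir() {
        return new File(getContext().getFilesDir(), "shared");
    }

    @Override
    public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
        // Unsafe form: opening new File(baseDir(), uri.getLastPathSegment()) directly.
        // getLastPathSegment() returns the decoded segment, so it can still contain "../".
        String name = uri.getLastPathSegment();
        if (name == null) {
            throw new FileNotFoundException("No file name in " + uri);
        }
        try {
            String base = baseDir().getCanonicalPath();
            // getCanonicalPath() resolves ".." and symlinks before the comparison.
            String target = new File(baseDir(), name).getCanonicalPath();
            // Trailing separator stops a sibling such as "shared_private" from matching.
            if (!target.startsWith(base + File.separator)) {
                throw new SecurityException("Path escapes provider directory");
            }
            // Serve read-only regardless of the mode the caller asked for.
            return ParcelFileDescriptor.open(new File(target), ParcelFileDescriptor.MODE_READ_ONLY);
        } catch (IOException e) {
            throw new FileNotFoundException("Cannot resolve " + uri);
        }
    }

    // Remaining abstract methods, unused by a file-only provider.
    @Override public boolean onCreate() { return true; }
    @Override public String getType(Uri uri) { return null; }
    @Override public Cursor query(Uri u, String[] p, String s, String[] a, String o) { return null; }
    @Override public Uri insert(Uri u, ContentValues v) { return null; }
    @Override public int delete(Uri u, String s, String[] a) { return 0; }
    @Override public int update(Uri u, ContentValues v, String s, String[] a) { return 0; }
}
```

If no other app needs the provider, setting `android:exported="false"` on it in the manifest removes the exposure entirely.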