What is the correct permission handling when sending sensitive app data as email attachment?

Question

I am having trouble granting \"reverse permissions\" for apps that I wish to provide with sensitive data in a controlled manner.

My application is a time tracker and

Answer 1

This is a nice approach, unfortunately as you are seeing there are probably a number of issues you will run in to in the framework that prevent you from doing it. There are currently some issues with granting uri permissions that make that functionality less useful than it should be (many of these will be addressed in Gingerbread), and on top of that Gmail just doesn't seem to expect this to happen and deal with retaining the granted permission as long as it needs to.

How large is this data? If it isn't too large, how about just including it directing in the Intent as a string?

Answer 2

Dear people from the future,

It seems even google itself solves this problem in another way which i stumbled upon while trying to solve this same problem.

If you look at com.android.contacts.detail.ContactLoaderFragment you find in the method private Uri getPreAuthorizedUri(Uri uri):

mContext.getContentResolver().call(
            ContactsContract.AUTHORITY_URI,
            ContactsContract.Authorization.AUTHORIZATION_METHOD,
            null,
            uriBundle);

Which resolves to com.android.providers.contacts.ContactsProvider2 where a similar call method add the uri to a map mPreAuthorizedUris which is used in the query/update/...-methods.

The return value of that call is put in the Intent and then used.

Answer 3

The data of your app can not be accessed by other apps. Simply use a private storage. You have several options:

1. Sava timetracking data to database. App database is only visible to the app that created it. Other apps will not be able to see this data. When sending an email just query the database and create a text attachment.

2. Create a private file via Context.openFileOutput().