Question
As part of our application, we are using two ContentProviders, but both are guarded with android:exported="false".
But we still got a mail with the Google Play warning: Your app contains a SQL Injection issue.
They mentioned the solution as adding android:exported="false" for content providers in the AndroidManifest file, which was already present.
Can anyone suggest how to overcome this issue?
FYI: we are also using the CONTENT_URI of native apps with SQL statements for getting the data, but we are using ContentResolver.query without exposing any columns or private data.
Answer 1:
I have also faced this issue, since I had declared my content provider with the android:exported="true" tag. As Google Play suggested, you should use the android:exported="false" tag with the content provider to remove this vulnerability.
And note that if you are not accessing the DB from your main thread, you will get an Access Denied SQLite exception.
So if you have used any kind of worker threads to do some asynchronous task and are accessing the DB from the callback invoked at the exit of the worker thread, you should use the main thread for DB operations.
FYI: I got an Access Denied exception when I inserted some data into the DB from a BLE GATT write callback.
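Added example, not part of the question or the answers on this page: a small Python check that lists every provider element in a manifest with its effective android:exported value, including the implicit default when the attribute is missing. The sample manifest, package name and provider names are constructed; the default rule (exported when targetSdkVersion is 16 or lower) and the fallback to API level 1 are assumptions taken from the Android manifest documentation.

```python
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; package and provider names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="28"/>
  <application>
    <provider android:name=".NotesProvider" android:exported="false"
              android:authorities="com.example.app.notes"/>
    <provider android:name=".FilesProvider" android:authorities="com.example.app.files"/>
    <provider android:name="com.vendor.sdk.CacheProvider" android:exported="true"
              android:authorities="com.example.app.cache"/>
    <provider android:name=".SyncProvider" android:exported="true"
      android:authorities="com.example.app.sync" android:readPermission="com.example.app.READ"/>
  </application>
</manifest>"""

def target_sdk(root):
    """targetSdkVersion, falling back to minSdkVersion, then 1 (assumed fallback)."""
    sdk = root.find("uses-sdk")
    value = None
    if sdk is not None:
        value = sdk.get(ANDROID_NS + "targetSdkVersion") or sdk.get(ANDROID_NS + "minSdkVersion")
    return int(value) if value and value.isdigit() else 1

def audit_providers(manifest_xml):
    """Return one dict per <provider> with its effective exported state."""
    root = ET.fromstring(manifest_xml)
    # Without an explicit attribute, a provider is exported when targetSdkVersion <= 16.
    default_exported = target_sdk(root) <= 16
    findings = []
    for prov in root.iter("provider"):
        raw = prov.get(ANDROID_NS + "exported")
        exported = default_exported if raw is None else raw.strip().lower() == "true"
        # Coarse check: any of these attributes counts as a permission guard.
        guarded = any(prov.get(ANDROID_NS + a)
                      for a in ("permission", "readPermission", "writePermission"))
        findings.append({"name": prov.get(ANDROID_NS + "name"), "exported": exported,
                         "explicit": raw is not None, "guarded": guarded})
    return findings

def unguarded_exported(manifest_xml):
    """Names of providers reachable by other apps with no permission attribute."""
    return [f["name"] for f in audit_providers(manifest_xml)
            if f["exported"] and not f["guarded"]]

if __name__ == "__main__":
    print(unguarded_exported(SAMPLE_MANIFEST))
```

Run it against the merged manifest produced by the build rather than only the app module's AndroidManifest.xml, because library manifests can contribute providers of their own.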
Answer 2:
Please follow Google support. This information is intended for developers with app(s) that contain the SQL Injection Vulnerability.
https://support.google.com/faqs/answer/7668308
Answer 3:
This seems to be a phishing e-mail and should be ignored. We received one of these for an app we unpublished long ago, and it went to a company e-mail, but not the address we use for Google dev console.
Source: https://stackoverflow.com/questions/50692596/android-security-google-play-warning-your-app-contains-a-sql-injection-issue