
Unauthorized access to files - APK Content Provider - Android


Need

Prevent unauthorized access to files exposed through Content Providers


Context

  1. Usage of Android development for mobile applications
  2. Ensuring secure access controls in Content Providers

Description

Insecure Code Example

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">

    <application
        android:allowBackup="true"
        android:theme="@style/AppTheme">

        <provider
            android:name=".InsecureContentProvider"
            android:authorities="com.example.app.provider"
            android:exported="true"
            android:grantUriPermissions="true" />

    </application>
</manifest>

The above `AndroidManifest.xml` configuration defines a `ContentProvider` that exposes application data **without proper access restrictions**.

- The attribute `android:exported="true"` allows any app on the device to access this Content Provider.
- The `android:grantUriPermissions="true"` attribute allows temporary access to any of the provider's data to be granted to other apps, overriding its permission attributes.
- Without proper `android:permission` or `android:readPermission` attributes, any application can query and retrieve sensitive data.

If an attacker or a malicious app exploits this misconfiguration, they can access or modify sensitive files without authorization.

Steps

  1. Open the `AndroidManifest.xml` file.
  2. Identify any `<provider>` components.
  3. Set `android:exported="false"` unless external access is explicitly required.
  4. If external access is necessary, enforce permission controls using `android:permission`.
  5. Avoid using `android:grantUriPermissions="true"` unless strictly needed.

Secure Code Example

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">

    <application
        android:allowBackup="true"
        android:theme="@style/AppTheme">

        <provider
            android:name=".SecureContentProvider"
            android:authorities="com.example.app.provider"
            android:exported="false"
            android:permission="com.example.app.SECURE_PERMISSION"
            android:grantUriPermissions="false" />

    </application>
</manifest>

The secure version restricts access to the Content Provider by:

- Setting `android:exported="false"` to **prevent external access**.
- Using `android:permission="com.example.app.SECURE_PERMISSION"` to require callers to hold that permission, limiting access to trusted applications.
- Explicitly defining `android:grantUriPermissions="false"` unless required.

These changes ensure that only authorized apps with explicit permissions can access the files exposed by this Content Provider.
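The checks from the Steps list can be run mechanically over a manifest that has already been decoded to text XML; the following is an added example (not code from the original page) that applies them to both `<provider>` entries shown here. The function name `audit_providers`, the second provider's authority, and the extra check that a locally declared custom permission is `signature`-level are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: both <provider> entries from this page in one decoded manifest
# (the second authority is changed so the two entries do not collide).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application>
    <provider android:name=".InsecureContentProvider"
        android:authorities="com.example.app.provider"
        android:exported="true" android:grantUriPermissions="true" />
    <provider android:name=".SecureContentProvider"
        android:authorities="com.example.app.secure"
        android:exported="false"
        android:permission="com.example.app.SECURE_PERMISSION"
        android:grantUriPermissions="false" />
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Map each <provider> name to a list of findings (empty list = passes the steps)."""
    root = ET.fromstring(manifest_xml)
    # Custom permissions this app declares itself; protectionLevel defaults to "normal".
    declared = {p.get(NS + "name"): p.get(NS + "protectionLevel", "normal")
                for p in root.iter("permission")}
    report = {}
    for prov in root.iter("provider"):
        a = {k.replace(NS, ""): v for k, v in prov.attrib.items()}
        findings = []
        if "exported" not in a:
            findings.append("exported not set: default depends on SDK level")
        elif a["exported"] == "true":
            for mode in ("read", "write"):
                perm = a.get(mode + "Permission") or a.get("permission")
                if perm is None:
                    findings.append(f"exported with no {mode} permission")
                elif perm in declared and not declared[perm].startswith("signature"):
                    findings.append(f"{mode} permission {perm} is not signature-level")
        if a.get("grantUriPermissions") == "true":
            findings.append("grantUriPermissions enabled for the whole provider")
        report[a.get("name")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_providers(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```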


References

  • 075 - Unauthorized access to files - APK Content Provider

  • Last updated

    2025/04/03