13 October 2016

Android exported provider

This is something simple, but I don't feel like it gets enough press:

If you create a provider in your manifest and your minSdkVersion or targetSdkVersion is less than 17. The default value for exported is true! That means other applications on the device can access your provider! The safe way to always deal with this is always set exported="false".

No comments: