apptentive / apptentive-android

Apptentive Android SDK
http://www.apptentive.com
BSD 3-Clause "New" or "Revised" License

This provider is subject to path traversal attacks. #164

Closed hbloom1783 closed 5 years ago

hbloom1783 commented 5 years ago

If this provider gets exported by an app, it gives read access to the app's entire file system to anyone who can broadcast intents on the same device. Per https://support.google.com/faqs/answer/7496913, an example of an attack URI would be "content://it.my.app.ApptentiveAttachmentFileProvider/%2F..%2F..path%2Fto%2Fsecret.txt".

weeeBox commented 5 years ago

Hey @hbloom1783,

Thanks for reporting that. We'll take a closer look.

weeeBox commented 5 years ago

Fixed in 5.1.1
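
A canonical-path check of the kind used against the traversal reported above, as an added example that is not part of this thread and is not the change Apptentive shipped in 5.1.1. It uses only the JDK, with `java.net.URI` standing in for `android.net.Uri`; the class name, the `resolve` helper and the `attachments` directory are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.net.URI;

public class ProviderPathCheck {
    // Hypothetical helper: maps the decoded path of a content URI to a file that
    // must live under baseDir, the only directory the provider is meant to serve.
    static File resolve(File baseDir, URI uri) throws IOException {
        String decoded = uri.getPath();   // percent-decoding happens here (%2F -> '/')
        if (decoded == null) {
            throw new SecurityException("URI has no path");
        }
        File base = baseDir.getCanonicalFile();
        // getCanonicalFile() collapses ".." segments and resolves symlinks.
        File target = new File(base, decoded).getCanonicalFile();
        // Compare whole path components so ".../attachments-other" cannot pass
        // for ".../attachments"; the root directory itself is not a servable file.
        if (!target.toPath().startsWith(base.toPath()) || target.equals(base)) {
            throw new SecurityException("path escapes provider root: " + uri);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed provider root for the demo.
        File base = new File(System.getProperty("java.io.tmpdir"), "attachments");
        String authority = "content://it.my.app.ApptentiveAttachmentFileProvider/";
        String[] samples = {
            authority + "photo.png",                           // constructed, in-root
            authority + "%2F..%2F..path%2Fto%2Fsecret.txt",    // URI quoted in the report
            authority + "..%2F..%2Fshared_prefs%2Fsecret.xml", // constructed, out-of-root
        };
        for (String s : samples) {
            try {
                System.out.println("serve  " + resolve(base, URI.create(s)));
            } catch (SecurityException e) {
                System.out.println("reject " + s);
            }
        }
    }
}
```

In a real provider the same check would sit in `openFile` before the file is opened, and keeping the provider unexported removes the exposure the report depends on.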