Your app(s) are using a content provider with an unsafe implementation of openFile
Don't put "."
in the path
, instead, give the name of the folder that you wanna use.
For example, If you want to access/use Download folder then in provider_paths.xml
:
<?xml version="1.0" encoding="utf-8"?>
<paths>
<external-path
name="downloads"
path="Download/" />
</paths>
They actually provide one with all one needs to know; see support.google.com:
Implementations of
openFile
in exported ContentProviders can be vulnerable if they do not properly validate incoming Uri parameters. A malicious app can supply a crafted Uri (for example, one that contains “/../”) to trick your app into returning aParcelFileDescriptor
for a file outside of the intended directory, thereby allowing the malicious app to access any file accessible to your app.
The FileProvider
must reject any Uri
containing ..
...which are deemed "exploitable".