Provider with readPermission only and implemented write APIs
Provider with readPermission only and implemented write APIs
This check looks for Content Providers that only have the readPermission attribute but implement write APIs.
If android:readPermission is specified and both android:permission and android:writePermission are omitted, other apps can access any write operations that this provider exposes with no permission check. For a quick fix, changing the existing android:readPermission to android:permission will protect both read and write access with the same permission. Alternatively, declaring a separate android:writePermission can protect write access with a different permission.
Issue id: ProviderReadPermissionOnly
Inspection Details | |
|---|---|
Available in: | IntelliJ IDEA 2023.3, Qodana for Android 2023.3, Qodana for JVM 2023.3 |
Plugin: | Android, 2022.3.1 Beta 2 |