Hi,
After decompiling the APK, I see that the package gives access to all the files under the app domain, since it uses ".".
Since the package adds access to ALL files under the app to the assembled manifest, it creates a security vulnerability for the app.
All the files can be accessed by other apps, and it's a problematic policy.
The problem is that in shared_file_paths.xml, the package puts "." (access to all files).
Can you please add something more restrictive (specific files/directories)?
manifest:
```xml
<provider android:name="com.sidlatau.flutteremailsender.FlutterEmailSenderFileProvider" android:exported="false" android:authorities="com.fmr.meitavtradeapp.file_provider" android:grantUriPermissions="true">
```
shared_file_paths.xml:
```xml
<cache-path name="my_cache" path="."/>
<external-path name="external" path="."/>
<files-path name="files" path="."/>
<files-path name="files" path="../"/>
<external-files-path name="external_files" path="."/>
```
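A check for the pattern reported above, as an added example that is not part of the original issue or the package's code: it parses a FileProvider paths file and flags entries whose `path` covers a whole base directory or climbs out of it with `..`. The `<paths>` root wrapper and the `email_attachments` entry in the sample are constructed for illustration; the other five entries are the ones quoted in the issue.

```python
import xml.etree.ElementTree as ET

# FileProvider path element -> base directory it is resolved against.
BASE_DIRS = {
    "root-path": "the device root",
    "files-path": "Context.getFilesDir()",
    "cache-path": "Context.getCacheDir()",
    "external-path": "Environment.getExternalStorageDirectory()",
    "external-files-path": "Context.getExternalFilesDir(null)",
    "external-cache-path": "Context.getExternalCacheDir()",
    "external-media-path": "Context.getExternalMediaDirs()[0]",
}

def audit_paths(xml_text):
    """Return (tag, name, path, reason) for every overly broad entry."""
    findings = []
    for el in ET.fromstring(xml_text):
        base = BASE_DIRS.get(el.tag)
        if base is None:
            continue  # not a FileProvider path element
        name, path = el.get("name", ""), el.get("path", "")
        parts = [p for p in path.split("/") if p]
        if ".." in parts:
            reason = "resolves above " + base
        elif all(p == "." for p in parts):  # "", ".", "./" or "/"
            reason = "shares everything under " + base
        else:
            continue  # scoped to a specific subdirectory or file
        findings.append((el.tag, name, path, reason))
    return findings

# Constructed sample: the issue's entries plus one hypothetical scoped entry.
SAMPLE = """<paths>
  <cache-path name="my_cache" path="."/>
  <external-path name="external" path="."/>
  <files-path name="files" path="."/>
  <files-path name="files" path="../"/>
  <external-files-path name="external_files" path="."/>
  <cache-path name="email_attachments" path="email_attachments/"/>
</paths>"""

if __name__ == "__main__":
    for tag, name, path, reason in audit_paths(SAMPLE):
        print(f'{tag} name="{name}" path="{path}": {reason}')
```
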