
Your app(s) are using a content provider with an unsafe implementation of openFile


I've received this email after publishing my app on PlayStore:

Hello Google Play Developer,

We reviewed [MyAppName], with package name com.example.myappname, and found that your app uses software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user’s device and may be considered to be in violation of our Malicious Behavior policy.

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK.

Your app(s) are using a content provider with an unsafe implementation of openFile.

To address this issue, follow the steps in this Google Help Center article.

| Vulnerability | APK Version(s) | Deadline to fix |
|---|---|---|
| Path Traversal: Your app(s) are using a content provider with an unsafe implementation of openFile. To address this issue, follow the steps in this Google Help Center article. | 1 | June 25, 2019 |

To confirm you’ve upgraded correctly, submit the updated version of your app to the Play Console and check back after five hours. We’ll show a warning message if the app hasn’t been updated correctly.


I've used the Realm database, the iText PDF library, and a file provider in my app. I'm using FileProvider to open a PDF file from storage using an intent.

res>xml>provider_paths.xml

<?xml version="1.0" encoding="utf-8"?>
<paths xmlns:android="http://schemas.android.com/apk/res/android">
    <external-path
        name="external_files"
        path="." />
</paths>

AndroidManifest.xml

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    package="com.example.appName">

    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_icon"
        android:label="@string/app_name"
        android:roundIcon="@mipmap/ic_icon"
        android:supportsRtl="true"
        android:theme="@style/AppTheme">

        ...

        <provider
            android:name="androidx.core.content.FileProvider"
            android:authorities="${applicationId}.provider"
            android:exported="false"
            android:grantUriPermissions="true">
            <meta-data
                android:name="android.support.FILE_PROVIDER_PATHS"
                android:resource="@xml/provider_paths" />
        </provider>
    </application>

</manifest>

TemplatesFragment.java

File file = new File(Environment.getExternalStorageDirectory().getAbsolutePath() + "/MyCvs/Templates/" + templateName);
Uri uriPdf = FileProvider.getUriForFile(getActivity(), BuildConfig.APPLICATION_ID + ".provider", file);
Intent target = new Intent(Intent.ACTION_VIEW);
target.setDataAndType(uriPdf, "application/pdf");
target.setFlags(Intent.FLAG_ACTIVITY_NO_HISTORY);
target.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
Intent intent = Intent.createChooser(target, "Open File");
try {
    startActivity(intent);
} catch (Exception e) {
    // Instruct the user to install a PDF reader here, or something
    Toast.makeText(getActivity(), "" + e.getMessage(), Toast.LENGTH_SHORT).show();
}

Solution

  • Don't put "." in the path; instead, give the name of the folder that you want to use.

    For example, if you want to access/use the Download folder, then in provider_paths.xml:

    <?xml version="1.0" encoding="utf-8"?>
    <paths>
        <external-path
            name="downloads"
            path="Download/" />
    </paths>
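
The narrowing advice above can be enforced at build time. The script below is an added example, not code from the original post or from Google's article: it scans a provider_paths.xml document and reports entries whose path covers a whole base directory. The function name `audit_provider_paths`, the sample strings and the entry name "templates" are assumptions made for illustration; the element names are the ones FileProvider documents.

```python
import posixpath
import xml.etree.ElementTree as ET

# Path element names accepted by androidx.core.content.FileProvider.
PATH_TAGS = {"root-path", "files-path", "cache-path", "external-path",
             "external-files-path", "external-cache-path", "external-media-path"}

# Constructed inputs: the question's entry, and one narrowed to the folder
# its Java code reads from (MyCvs/Templates). The name "templates" is made up.
BROAD = '<paths><external-path name="external_files" path="." /></paths>'
NARROW = '<paths><external-path name="templates" path="MyCvs/Templates/" /></paths>'


def audit_provider_paths(xml_text):
    """Return (tag, name, path, reason) for every entry that is too broad."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag not in PATH_TAGS:
            continue
        name = elem.get("name", "")
        raw = elem.get("path", "")
        # Collapse "." segments and slashes: "", "/", "./" all become ".".
        norm = posixpath.normpath(raw.strip().lstrip("/") or ".")
        if elem.tag == "root-path":
            reason = "root-path is relative to the device filesystem root"
        elif norm == ".":
            reason = "path resolves to the whole base directory"
        elif norm == ".." or norm.startswith("../"):
            reason = "path climbs out of the base directory"
        else:
            continue  # a named subfolder: scoped as the answer recommends
        findings.append((elem.tag, name, raw, reason))
    return findings


if __name__ == "__main__":
    for label, doc in (("broad", BROAD), ("narrow", NARROW)):
        for tag, name, path, reason in audit_provider_paths(doc):
            print(f"{label}: <{tag} name={name!r} path={path!r}>: {reason}")
```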