From f097b16cfddce2dbb097b929458fe9b0a402963e Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Sat, 28 Jul 2012 12:43:48 -0700 Subject: Content Providers: change default for android:exported Change the default value of android:exported to true for applications which target a newer API version. This will help stop inadvertent content provider exposure to untrusted apps. Bug: 3306452 Change-Id: I8cb34e823aef9551319951ce92217345c54cee63 --- docs/html/guide/topics/manifest/provider-element.jd | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/html/guide/topics/manifest/provider-element.jd b/docs/html/guide/topics/manifest/provider-element.jd index 455880035a9c..7b4ca8fc21c0 100644 --- a/docs/html/guide/topics/manifest/provider-element.jd +++ b/docs/html/guide/topics/manifest/provider-element.jd @@ -97,7 +97,8 @@ are by default) for the content provider to be enabled. If either is applications — "{@code true}" if it can be, and "{@code false}" if not. If "{@code false}", the provider is available only to components of the same application or applications with the same user ID. The default value -is "{@code true}". +is "{@code true}" for applications which target API level 16 (Jelly Bean) +and below, and "{@code false}" otherwise.

You can export a content provider but still limit access to it with the -- cgit v1.2.3-59-g8ed1b