My Application's database is vulnerable and malicious code can inject false message to database.
How to make it secure from "adb shell content insert --uri content://com.XXX" ? --bind
I tried below in my manifest
<provider android:name=".provider.MyProvider"
android:authorities="com.example.data"
android:exported="false"
android:grantUriPermissions="false"
android:protectionLevel="signature"/>
Thanks As improvement I tried this as well (in manifest):
<permission
android:name="com.xx.yy_DB_WRITE_PERMISSION"
android:label="xxyyDB"
android:protectionLevel="signature" />
<provider android:name=".provider.ZZProvider"
android:writePermission = "com.xx.yy_DB_WRITE_PERMISSION"
android:exported="false"/>
Still the ADB command from PC is able to inject message in my App's DB.
I had to sign and pre-load the application with following changes in manifest file and it worked:
<permission
android:name="com.xx.yy_DB_WRITE_PERMISSION"
android:label="xxyyDB"
android:protectionLevel="signature" />
<provider android:name=".provider.ZZProvider"
android:writePermission = "com.xx.yy_DB_WRITE_PERMISSION"
android:exported="false"/>