I had exactly the same issue like in that question: java.lang.SecurityException: Permission Denial: opening provider when implement content provider
I have solved it using: the answer of @CommonsWare
Where He says:
App B has identical
<permission>elements as App A and both App A and App B are signed by the same signing key
But When generating the app bundles of my applications, I have forgotten to sign them with the same signing key
According to the research I have done:
It is not possible to change the singing key of an application once it is on play store.
My actual problem:
I have recently put two apps on play store which have the same <permission> element. When I install first the app A from play store, I will not be able to install the app B. When I first install the app B from play store, I will not be able to install the app A. One of my apps is not able to install when I install the other app first.
According to @commonware answer:
you would need to remove one of the two apps from the Play Store and submit a replacement, with a new application ID, that is signed by the same signing key as the other shipping app.
But I don't want to change the application ID of any of these two applications
Any idea about how to solve that issue?
Is there any other efficient alternative to ContentProvider to share data between two applications of the same author?
I have momentarily accepted the @Warlock answer but I am looking for a better answer.
It's possible to change singing key for app already in Play Store. But it has now major disadvantage which will be gone in few years. It will be working only on devices running Android 9 and above. So your mindSkdVersion has to be 28+. It's called key rotation and it's part of APK Signature Scheme v3. See this link.
Also I don't know other way how to 100% securely change data between two apps than trust same signing keys. Less secure way is only to depend on known applicationId (just sent Intent with "com.myapp.someaction") which attacker can of course use and sideload app or use other distribution. Bit harder way to break can be usage of Android IPC / AIDL directly.