O'Reilly logo

Android Security Cookbook by Scott Alexander-Bown, Keith Makan

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Extracting data from vulnerable content providers

If some of the content provider's URIs require no read permissions and/or GrantURI is set to true, you may be able to extract data from it using some of the drozer tools. Also, in certain situations, the way read/write permissions are issued and enforced also exposes the data in a content provider to attacks.

This recipe will covers some simple tricks that you can use to get a feel of the kind of information stored in the provider. This recipe follows from the previous one and assumes you've already enumerated some content URIs and determined that either none or insufficient permissions are required to interact and query the related URIs.

How to do it...

Once you've found a URI, you'd query using ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required