android-security：Google Play警告：您的应用包含SQL注入问题 [英] android-security : Google Play warning: Your app contains a SQL Injection issue

问题描述

作为应用程序的一部分，我们使用了两个contentProvider，但都由android：exported = false保护。

as part of our application , we are using two contentProviders but both are guarded with android:exported="false".

但是我们仍然收到了Google的邮件播放警告：您的应用程序包含一个SQL注入问题

But still we got a mail as Google Play warning: Your app contains a SQL Injection issue

他们提到了解决方案，为AndroidManifest文件中已经存在的内容提供商添加android：exported = false。

They mentioned solution as add android:exported="false" for content providers in AndroidManifest file which was already present.

有人可以建议克服这个问题吗？

Can any one suggest to overcome this issue??

仅供参考：我们还将SQL的本机应用程序的CONTENT_URI获取数据的语句，但是我们使用ContentResolver.Query而不暴露任何列或私有数据

FYI : we are also using CONTENT_URI of native apps with SQL statements for getting the data, but we are using ContentResolver.Query without exposing any columns or private data

推荐答案

我也遇到了问题因为我被宣布为我的内容提供者，并带有 android：exported = true 标签。正如Google Play所建议的那样，您应该在内容提供商中使用 android：exported = false 标签来删除此漏洞。

I have also faced the issue Since I was declared my content provider with android:exported="true" tag. As Google Play suggested you should use android:exported="false" tag with the content provider to remove this vulnerability.

并且请注意，如果您不从主线程访问数据库，则会收到访问被拒绝的SQlite异常。

因此，如果您是使用任何类型的工作线程来执行一些异步任务，并从工作线程出口处调用的回调访问数据库，则必须使用主线程进行数据库操作。

So if you are used any kind of worker threads to do some asynchronous task and accessing DB from the callback invoked at the exit of the worker thread, you should have to use main thread for DB operations.

FYI：当我从BLE Gatt写入回调向DB中插入一些数据时，我获得了Access拒绝异常

这篇关于android-security：Google Play警告：您的应用包含SQL注入问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！