id: 161 View:category
Tutorials  Media
Tutorials  Media  Sharing
Sharing Intents

Nougat and onwards forbids file:///URI beyond your package

Since Android 7.0 Nougat you can’t expose a file:/// URI with an Intent outside your package domain, but don’t worry: here’s how you can fix it.

Android 7.0 Nougat introduced some file system permission changes in order to improve security. If you’ve already updated your app to targetSdkVersion 24 (or higher) and you’re passing a file:/// URI outside your package domain through an Intent, then what you’ll get is a FileUriExposedException.

When you share a file with a file:/// URI, you also modify the file system permission of it and make it available to any app (until you change it again). There’s no need to say that this approach is insecure.

Why is this happening?

According to the official documentation:

In order to improve the security of private files, the private directory of apps targeting Android 7.0 or higher has restricted access (0700). This setting prevents leakage of metadata of private files, such as their size or existence.

Full article