First, move <provider>
to be a child of <application>
, not <activity>
.
Second, change android:exported="true"
to android:exported="false"
, until such time as you secure your ContentProvider
. As it stands, once you fix the <provider>
element location as noted above, any app can read and write anything in your provider, which is unlikely to be what the user wants.