Sharing a file with another app on Android (a photo to an editor, a PDF to a viewer, the output path for a camera intent) is one of those everyday tasks that has a secure way and an insecure way. The insecure way, handing out a raw file path, both crashes on modern Android and exposes your storage. The secure way is FileProvider, which gives the other app a temporary, scoped handle to a single file without revealing where it lives or making it world-readable. Here is what FileProvider is, why it replaced raw file paths, and how to configure it safely.
Short answer
FileProvider is a special content provider that shares files with other apps through content:// URIs instead of raw file:// paths, granting the receiving app temporary, scoped access to a specific file. Per Android's FileProvider documentation, since Android 7 sharing a file:// URI throws an exception, so FileProvider is the supported way, and it is also the secure one: it does not expose your file paths or make files world-readable, and it grants access per file with a temporary permission. Configure the provider's shared paths narrowly, keep it non-exported with URI permission granting, and grant temporary read access only for the file you are sharing. That shares one file without opening your storage.
What you should know
- FileProvider shares via content:// URIs: not raw file paths.
- file:// sharing is blocked: since Android 7 it throws an exception.
- Access is temporary and scoped: granted per file to the receiving app.
- It hides your paths: the other app gets a handle, not your storage layout.
- Configure shared paths narrowly: do not expose your whole app directory.
What is FileProvider, and why use it?
It is a content provider that lets you share a file with another app safely. Instead of giving another app a file:// path that points directly into your storage, FileProvider generates a content:// URI that acts as a managed handle to a specific file, and you grant the receiving app temporary permission to read or write just that file. Since Android 7, passing a file:// URI across apps throws a FileUriExposedException, so FileProvider is required for file sharing, but the reason it exists is security: raw file paths can expose your storage structure and, with world-readable storage, let other apps reach files you did not intend to share. FileProvider replaces that with controlled, per-file access, so the other app can open the one file you handed it and nothing else.
file:// versus content://
The difference is exposure versus controlled access. The table contrasts them.
| Aspect | file:// URI | content:// URI via FileProvider |
|---|---|---|
| Works on modern Android | No, throws an exception since Android 7 | Yes, the supported method |
| What the other app gets | A direct path into your storage | A managed handle to one file |
| Access scope | Depends on file permissions | Temporary, granted per file |
| Path exposure | Reveals your storage layout | Hides it behind the provider |
So a content:// URI from FileProvider is both the working and the secure choice: the receiving app gets a temporary, scoped handle to the single file you shared, with no view of your storage layout and no standing access. A raw file:// URI, beyond failing on modern Android, leaks more than you intend.
How do you configure FileProvider securely?
Declare narrow shared paths, keep the provider locked down, and grant temporary access per share. Define the provider in your manifest with a paths configuration that exposes only the specific directories you need to share from, not your entire app directory, since the paths you declare are what can ever be shared. Keep the provider non-exported and rely on URI permission granting, so other apps cannot query it directly and only get access through a URI you hand them. When you share a file, generate its content:// URI and grant the receiving app a temporary read permission with the grant-read flag for that intent, so the access lasts only as long as needed and applies only to that file. Do not grant write access unless the other app must write, and do not widen the shared paths to cover sensitive data. The principle is to share exactly one file, temporarily, without exposing anything else.
What to watch out for
The first trap is trying to share a raw file:// URI, which throws an exception on modern Android and, on older versions, exposes your storage; use FileProvider. The second is configuring the provider's paths too broadly, exposing more of your storage than you need to share. The third is granting write access or persistent permission when temporary read access to one file is all that is needed. A pre-submission scan such as PTKD.com (https://ptkd.com) reads the compiled APK or AAB against OWASP MASVS and surfaces your content providers and how the app exposes files, so you can confirm your FileProvider shares narrowly and is not over-exposed. The configuration you set in the manifest and the share code.
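A static check for the traps above and for the configuration rules in the previous section, as an added example (not code from this page or from any scanner it mentions): it reads a manifest and a FileProvider paths file as source XML and reports an exported provider, missing URI permission granting, and path entries that share a whole base directory. The authority and both sample configurations are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

def provider(exported, grant):
    # Constructed <provider> element; the authority is a placeholder.
    return (f'<manifest {NS}><application><provider '
            f'android:name="androidx.core.content.FileProvider" '
            f'android:authorities="com.example.app.fileprovider" '
            f'android:exported="{exported}" '
            f'android:grantUriPermissions="{grant}"/></application></manifest>')

# Constructed samples: an over-broad configuration and a narrow one.
WEAK_MANIFEST = provider("true", "false")
WEAK_PATHS = ('<paths><root-path name="all" path="."/>'
              '<files-path name="files" path="."/></paths>')
NARROW_MANIFEST = provider("false", "true")
NARROW_PATHS = '<paths><cache-path name="shared" path="shared/"/></paths>'

def audit(manifest_xml, paths_xml):
    """Return findings for a FileProvider declaration and its paths file."""
    findings = []
    for p in ET.fromstring(manifest_xml).iter("provider"):
        # Heuristic (assumption): match FileProvider and subclasses by name.
        if not p.get(ANDROID + "name", "").endswith("FileProvider"):
            continue
        # Assumption: a missing android:exported is treated as "false".
        if p.get(ANDROID + "exported", "false") != "false":
            findings.append("provider is exported")
        if p.get(ANDROID + "grantUriPermissions", "false") != "true":
            findings.append("grantUriPermissions is not true")
    for entry in ET.fromstring(paths_xml):
        name, path = entry.get("name"), entry.get("path", "").strip("/")
        if entry.tag == "root-path":
            findings.append(f"{name}: root-path exposes the device filesystem root")
        elif path in ("", "."):
            findings.append(f"{name}: <{entry.tag}> shares its whole base directory")
    return findings

if __name__ == "__main__":
    for label, m, p in (("weak", WEAK_MANIFEST, WEAK_PATHS),
                        ("narrow", NARROW_MANIFEST, NARROW_PATHS)):
        print(label, audit(m, p) or "no findings")
```

The check works on source XML; a compiled APK or AAB stores the manifest in binary form and has to be decoded first.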
What to take away
- FileProvider shares files with other apps through content:// URIs that grant temporary, scoped access to a specific file, instead of raw file:// paths.
- Sharing a file:// URI throws an exception since Android 7, so FileProvider is both the supported and the secure method.
- Configure the provider's shared paths narrowly, keep it non-exported with URI permission granting, and grant temporary read access only for the file you share.
- Avoid broad paths and unnecessary write access, and use a pre-submission scan such as PTKD.com to confirm your file sharing is not over-exposed.



