Android Development
FileUriExposedException
App Development
Android Oreo
Intents and Permissions

android.os.FileUriExposedException file///storage/emulated/0/test.txt exposed beyond app through Intent.getData()

Master System Design with Codemia

Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.

Introduction

FileUriExposedException happens when an Android app tries to share a file:// URI with another app. On modern Android, you should share files through a content:// URI from FileProvider instead of exposing raw filesystem paths.

Why file:// URIs Fail

Older Android code often did something like this:

java
1Intent intent = new Intent(Intent.ACTION_VIEW);
2Uri fileUri = Uri.parse("file:///storage/emulated/0/test.txt");
3intent.setData(fileUri);
4startActivity(intent);

That leaks a direct file path outside your app. Starting with newer Android security rules, apps targeting API 24 and above are not allowed to expose file URIs this way, so the platform throws FileUriExposedException.

The fix is not to relax the exception. The fix is to stop sharing raw file URIs.

Share the File with FileProvider

First declare a provider in AndroidManifest.xml:

xml
1<provider
2    android:name="androidx.core.content.FileProvider"
3    android:authorities="${applicationId}.provider"
4    android:exported="false"
5    android:grantUriPermissions="true">
6    <meta-data
7        android:name="android.support.FILE_PROVIDER_PATHS"
8        android:resource="@xml/file_paths" />
9</provider>

Then define the allowed paths in res/xml/file_paths.xml:

xml
1<?xml version="1.0" encoding="utf-8"?>
2<paths xmlns:android="http://schemas.android.com/apk/res/android">
3    <external-files-path
4        name="shared_files"
5        path="." />
6</paths>

Now generate a content:// URI in code:

java
1File file = new File(getExternalFilesDir(null), "test.txt");
2Uri uri = FileProvider.getUriForFile(
3    this,
4    getPackageName() + ".provider",
5    file
6);
7
8Intent intent = new Intent(Intent.ACTION_VIEW);
9intent.setDataAndType(uri, "text/plain");
10intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
11
12startActivity(intent);

This grants another app controlled temporary access without exposing the raw path directly.

Grant the Right Permissions

The content:// URI alone is not enough. If another app needs to read the file, grant read permission on the intent:

java
intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);

If you are sharing with a chooser or a specific target app, make sure the receiving app still gets that temporary URI permission. This is especially important when the file is opened outside your process.

Set the MIME Type and Intent Action Carefully

The receiving app usually needs both the URI and the correct MIME type to open the file properly.

java
Intent intent = new Intent(Intent.ACTION_VIEW);
intent.setDataAndType(uri, "text/plain");
intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);

If you are sending the file rather than asking another app to view it, use ACTION_SEND instead:

java
1Intent intent = new Intent(Intent.ACTION_SEND);
2intent.setType("text/plain");
3intent.putExtra(Intent.EXTRA_STREAM, uri);
4intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
5startActivity(Intent.createChooser(intent, "Share file"));

That keeps the file-sharing flow aligned with the Android intent model instead of relying on path exposure.

Keep Shared Files in an App-Controlled Location

FileProvider works best when the file comes from an app-controlled directory such as getExternalFilesDir() or internal app storage mapped through the provider paths XML. That way you know exactly which files can be shared and which cannot.

If you point the provider paths too broadly, you increase the risk of sharing more filesystem content than intended. If you point them too narrowly, getUriForFile() will fail because the file falls outside the configured paths.

Common Pitfalls

The biggest mistake is trying to keep using Uri.fromFile() or a manually constructed file:// string. That is the exact pattern Android is blocking.

Another common issue is configuring FileProvider but forgetting the matching paths XML file or using a path that does not cover the file you are sharing. In that case, getUriForFile() fails instead.

People also forget FLAG_GRANT_READ_URI_PERMISSION, which means the receiving app gets a valid content:// URI but still cannot open the file.

Finally, avoid "fixes" based on disabling the exception or changing StrictMode behavior. Those hacks dodge the symptom instead of following the supported file-sharing model.

Summary

  • 'FileUriExposedException is caused by sharing file:// URIs outside your app.'
  • Use FileProvider to create a content:// URI instead.
  • Declare the provider in the manifest and define valid shared paths in XML.
  • Grant temporary read permission on the intent when another app needs the file.
  • Do not use Uri.fromFile() for cross-app file sharing on modern Android.

Course illustration
Course illustration

All Rights Reserved.