android.os.FileUriExposedException file///storage/emulated/0/test.txt exposed beyond app through Intent.getData()
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
FileUriExposedException happens when an Android app tries to share a file:// URI with another app. On modern Android, you should share files through a content:// URI from FileProvider instead of exposing raw filesystem paths.
Why file:// URIs Fail
Older Android code often did something like this:
That leaks a direct file path outside your app. Starting with newer Android security rules, apps targeting API 24 and above are not allowed to expose file URIs this way, so the platform throws FileUriExposedException.
The fix is not to relax the exception. The fix is to stop sharing raw file URIs.
Share the File with FileProvider
First declare a provider in AndroidManifest.xml:
Then define the allowed paths in res/xml/file_paths.xml:
Now generate a content:// URI in code:
This grants another app controlled temporary access without exposing the raw path directly.
Grant the Right Permissions
The content:// URI alone is not enough. If another app needs to read the file, grant read permission on the intent:
If you are sharing with a chooser or a specific target app, make sure the receiving app still gets that temporary URI permission. This is especially important when the file is opened outside your process.
Set the MIME Type and Intent Action Carefully
The receiving app usually needs both the URI and the correct MIME type to open the file properly.
If you are sending the file rather than asking another app to view it, use ACTION_SEND instead:
That keeps the file-sharing flow aligned with the Android intent model instead of relying on path exposure.
Keep Shared Files in an App-Controlled Location
FileProvider works best when the file comes from an app-controlled directory such as getExternalFilesDir() or internal app storage mapped through the provider paths XML. That way you know exactly which files can be shared and which cannot.
If you point the provider paths too broadly, you increase the risk of sharing more filesystem content than intended. If you point them too narrowly, getUriForFile() will fail because the file falls outside the configured paths.
Common Pitfalls
The biggest mistake is trying to keep using Uri.fromFile() or a manually constructed file:// string. That is the exact pattern Android is blocking.
Another common issue is configuring FileProvider but forgetting the matching paths XML file or using a path that does not cover the file you are sharing. In that case, getUriForFile() fails instead.
People also forget FLAG_GRANT_READ_URI_PERMISSION, which means the receiving app gets a valid content:// URI but still cannot open the file.
Finally, avoid "fixes" based on disabling the exception or changing StrictMode behavior. Those hacks dodge the symptom instead of following the supported file-sharing model.
Summary
- '
FileUriExposedExceptionis caused by sharingfile://URIs outside your app.' - Use
FileProviderto create acontent://URI instead. - Declare the provider in the manifest and define valid shared paths in XML.
- Grant temporary read permission on the intent when another app needs the file.
- Do not use
Uri.fromFile()for cross-app file sharing on modern Android.

