MOB-CONTENT-PROVIDERCollection

Content Provider Data Leak

Exported ContentProvider with insufficient grantUri checks — third-party app reads private data (auth tokens, PII, cached creds).

§ Where this technique fits

MOB-CONTENT-PROVIDER is catalogued under the Collection tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Exported ContentProvider → private data leak
App exports a ContentProvider for legitimate inter-app integration but forgets to enforce grantUri / signature permissions — a rogue installed app reads private auth tokens.
step 2 / 6

§ What commonly comes next

01
File and Directory Discovery
T1083 · Discovery
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Exported ContentProvider → private data leak

§ What commonly comes next