Android-Warning: Exported activity does not require permis

1. Under what circumstances:
SDK version 20
After creating a project, add a custom Activity and define it in manifest. xml.
[Html]
<Application
Android: icon = "@ drawable/ic_launcher"
Android: label = "@ string/app_name"
Android: theme = "@ style/AppTheme">
<Activity android: name = ". MainActivity"
Android: label = "@ string/title_activity_main">
<Intent-filter>
<Action android: name = "android. intent. action. MAIN"/>
<Category android: name = "android. intent. category. LAUNCHER"/>
</Intent-filter>
</Activity>

<Activity android: name = ". SecondActivity"
Android: exported = "false">
<Intent-filter>
<Action android: name = "android. intent. action. CREATE_SHORTCUT"/>
</Intent-filter>
</Activity>
</Application>

After intent-filter is added, the warning message is displayed.

2. Cause of error:
This is because after intent-filter is added, the Activity has been exposed to applications of different processes (other applications). They do not need any permissions to instantiate the Activity.
Of course, you can specify that this Activity is only used within the program or add permissions.

3. solution:
Add android: exported = "false" to define the Activity or define the permission.
[Html]
<Activity android: name = ". SecondActivity"
Android: exported = "false">
<Intent-filter>
<Action android: name = "android. intent. action. CREATE_SHORTCUT"/>
</Intent-filter>
</Activity> www.2cto.com

PS: Because the tested Activity is used to add the corresponding Shortcut of the Activity to HomeScreen, the exported value should be true. Otherwise, it cannot be added normally.

Android: exported
Whether or not the activity can be launched by components of other applications-"true" if it can be, and "false" if not. if "false", the activity can be launched only by components of the same application or applications with the same user ID.
The default value depends on whether the activity contains intent filters. the absence of any filters means that the activity can be invoked only by specifying its exact class name. this implies that the activity is intended only for application-internal use (since others wocould not know the class name ). so in this case, the default value is "false ". on the other hand, the presence of at least one filter implies that the activity is intended for external use, so the default value is "true ".
This attribute is not the only way to limit an activity's exposure to other applications. You can also use a permission to limit the external entities that can invoke the activity (see the permissionattribute ).