What is the correct permission handling when sending sensitive app data as email attachment?

Question

I am having trouble granting \"reverse permissions\" for apps that I wish to provide with sensitive data in a controlled manner.

My application is a time tracker and

Answer 1

Dear people from the future,

It seems even google itself solves this problem in another way which i stumbled upon while trying to solve this same problem.

If you look at com.android.contacts.detail.ContactLoaderFragment you find in the method private Uri getPreAuthorizedUri(Uri uri):

mContext.getContentResolver().call(
            ContactsContract.AUTHORITY_URI,
            ContactsContract.Authorization.AUTHORIZATION_METHOD,
            null,
            uriBundle);

Which resolves to com.android.providers.contacts.ContactsProvider2 where a similar call method add the uri to a map mPreAuthorizedUris which is used in the query/update/...-methods.

The return value of that call is put in the Intent and then used.