If some of the content provider's URIs require no read permissions and/or GrantURI
is set to
true, you may be able to extract data from it using some of the drozer tools. Also, in certain situations, the way read/write permissions are issued and enforced also exposes the data in a content provider to attacks.
This recipe will covers some simple tricks that you can use to get a feel of the kind of information stored in the provider. This recipe follows from the previous one and assumes you've already enumerated some content URIs and determined that either none or insufficient permissions are required to interact and query the related URIs.
Once you've found a URI, you'd query using ...