On Nov 23, 12:36 am, Kumar Bibek <coomar....@gmail.com> wrote:
> If you don't have a content provider, you don't have to worry about this at
> all. Since your DB cannot be accessed by other applications.

Not so fast. If you have a text field for user entry, or pull a string out of an email or off a website or from any uncontrolled source which then goes into the DB, not sanitizing it creates an attack route. See for example the infamous Bobby Tables... http://xkcd.com/327/
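
The point made in the reply above, as an added example that is not part of the original thread: an uncontrolled string spliced into an INSERT versus the same string bound to a placeholder. Python's `sqlite3` module stands in for the app's private SQLite database; the `notes` table, the function names and both input strings are constructed for illustration.

```python
import sqlite3

def new_db():
    # In-memory database standing in for an app-private SQLite file.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    return db

def save_note_concat(db, owner, body):
    # Vulnerable: untrusted text is spliced into the SQL statement itself.
    db.execute("INSERT INTO notes VALUES ('" + owner + "', '" + body + "')")

def save_note_bound(db, owner, body):
    # Hardened: values are bound to placeholders and never parsed as SQL.
    db.execute("INSERT INTO notes VALUES (?, ?)", (owner, body))

def rows(db):
    return sorted(db.execute("SELECT owner, body FROM notes").fetchall())

# Constructed inputs, as they might arrive from a text field or a fetched page.
CRAFTED = "x'), ('bob', 'forged"   # closes the literal and adds a second row
APOSTROPHE = "it's done"           # ordinary text that merely contains a quote

def demo():
    results = {}

    db = new_db()
    save_note_concat(db, "alice", CRAFTED)
    results["concat_crafted"] = rows(db)      # a row appears under another owner

    db = new_db()
    try:
        save_note_concat(db, "alice", APOSTROPHE)
        results["concat_apostrophe"] = "stored"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"  # harmless input breaks the app

    db = new_db()
    save_note_bound(db, "alice", CRAFTED)
    save_note_bound(db, "alice", APOSTROPHE)
    results["bound"] = rows(db)               # both stored verbatim as alice's text
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The database is never exposed to another application here; the only thing that differs between the two paths is whether the input reaches the SQL parser.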