Android Application Secure Design / Secure Coding Guidebook by JSSEC | 4.3. Creating/Using a Content Provider (2013/4/1 edition)using content providers
4.3.1.1. Creating/Using a using private content providerproviders
4.3.1.3. Creating/Using a using partner -limited content provider (white listing)content providers
4.3.1.4. Creating/Using a private content provider (signature permission)using in-house content providers
4.3.1.5. Creating/Using a using temporary permit content providerproviders
4.3.2.1. Never create a content provider to be used only within the app for Android Content provider that Is used only in an application cannot be created in android 2.2 (API Level 8) and beforeor earlier
4.3.2.2. Never publish a content provider which is intended to be used only within the applicationContent provider that is used only in an application must be set as private
4.3.2.4. Verify signature permission before useUse an in-house defined signature permission after verifying that it is defined by an in-house application |
