To protect malicious applications from accessing a content provider, 1 way is to set the android:protectionLevel="signature".
This way, only another app that has been signed with the same signature could access the contents of a content provider. But is it safe? How does it check the signature? For example I have a signed App A, is the signature stored somewhere for another app to check? Or the checking is done by another mechanism? Thanks in Advance -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
