Android IPC, part 5: Content provider, continued

- Android IPC, part five, content provider continued. How do you mitigate risk to your content provider? Well, if you can help it, don't export it, which may not be practical for you, may not be realistic. Also, if you can help it, set the protection level and permissions to signature. Signature means that only apps that have been digitally signed with your signature, your developer signature, can access this thing. Now again, that might not be practical. You might need to make it available to anybody, but if you can get away with it, do it. Use parameters in SQL queries and check to see if the data source canonical path starts with DIR. And I want to talk about that in just one sec. So here would be our first most simplest thing. Android:exported='false". So in the provider tag, in the manifest, we are not exporting this, which is only good, of course, if the same app, another component like an activity in the very same app, wants to access this data. Now, let's talk about path…