Testing for SQL Injection

Why

A mobile application, much like a web application, becomes vulnerable to an SQL Injection attack if user input is used to create a dynamic query, mixing commands and data.

The key difference is that the access mechanism to the data store via vulnerable input may occur from a different app if mobile components are shared between apps due to misconfigurations or if the application supports multi-user login and the same database is used.

What

During vulnerability assessment of a mobile application, the analyst should check if it is possible to conduct SQL injection attacks on the local storage of the mobile device.

How

https://solidgeargroup.com/sql-injection-in-content-providers-of-android-and-how-to-be-protected