Manipulation invisible fields android app

simone bruziches
simone bruziches used Ask the Experts™
on
Sorry if I didn't post the code, but my question is purely theoretical.

I am creating an android app, where in the Login activity the login credentials are entered by the app automatically (after an authentication via SMS) in the EditText GONE and are sent to the server.

Is it a problem if the php code is vulnerable to SQL Injection?

Would some attacker be able to manipulate the hidden fields of my application?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Experts Exchange Dev
Commented:
Is the backend API your app is talking to written in PHP? Regardless, you should never trust user inputs no matter where they come from and always take steps to sanitize their inputs to prevent SQL attacks. Even a non-compromised app should be unable to directly run database commands.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial