Why must Android clients perform input validation on data received from publically accessible web
service API calls?
A.
As the data is being received over the network from public services, it must be treated as
untrusted input with potential malicious intent.
B.
Publically accessible web service APIs must be accessed using HTTP and not HTTPS, so an
attacker could modify the data on the network as it is passed from the server to the Android
application.
C.
Data frequently becomes corrupted over unreliable cellular networks.
D.
JSON objects transmitted by RESTful web services are not structured in the same manner as
SOAP objects, so input validation is necessary to prevent one from being parsed as the other and
exposing potentially hidden malicious code.
Explanation: