Personally, whether you ContentValues or use regular SQLiteDatabase queries, you cannot be 100% safer from SQL injections.
With that said, if you're more comfortable using ContentValues , it's best to avoid typing any user or if you want to use SQLiteDatabase queries, look at SQLiteQueryBuilder , it helps structure your query.
If Android offers parameterized queries that will be best used for protection against injection. Until then, we will have to wait and find alternatives.