I know how custom URL scheme works. Basically, I just need to define a custom URL scheme in Info.plist, and handle it like following:
func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool {
// here I only printout
print("url host: \(String(describing: url.host))")
print("url path: \(url.path)")
return true
}
For example, if I define url as myapp://foo.com/bar , the above function would print out the host as foo.com and path as bar.
My question is, is it overall a secure way of transferring data between two apps saying another app opens the custom URL and use the path to transfer some sensitive information. e.g. myapp://foo.com/sensetive_data . Would the sensitive_data be caught by another app than mine or be leaked?
No, It's not safe to share sensitive data in custom URL scheme or Universal link.
It is possible to register two app with same custom URL scheme, at this point action is undefined which app will be open but let's suppose your is uninstalled and the fake app is installed in device then your custom URL scheme will open fake app and data can be easily read by that app.
And in Universal link when your app is not installed then it will open Safari and URL filed will contain full path which can be copied from there.
In my opinion the best way to share sensitive data between two or more app is to use Shared Keychain.
If you develop a family of apps, all of which rely on the same user
secret, you can use access groups to securely share that secret among
those apps. For example, you can share credentials, so that logging
into one of your apps automatically grants the user access to all of
your apps. This kind of sharing doesn’t require interaction with or
permission from the user, but limits sharing to apps that are
delivered by a single development team.
In my opinion it is not secure if your sensitive data is not encrypted.
To read your sensitive data I would just have to uninstall your second app, and install my own registering the same scheme than yours to access the data.
So, you may either:
encrypt your data (with all the restriction applied to encryption usage)
use some kind of a token that can be used to retrieve sensitive data from your server
EDIT:
For encryption you can use the Security framework: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/using_keys_for_encryption
Related
Scenario is user will get a link to his email. If user clicks on the link, If app is already installed, app should open and if app is not installed it should redirect to app store.
I've seen deeplinks implementation, but I believe it needs some more implementation in backend too. Can any one help on this?
Redirect to application if installed, otherwise to App Store
gone through this. Is there any better way?
added gif for one more scenario:
in the below gif, from email to app it navigates directly? how?
I'm assuming the link you want to pass by email is an https link. If that's the case, for iOS to be able to redirect it to your app, you'll need to implement universal links. This implementation requires you to register the domain you want to respond to on your entitlements file and add an apple-app-site-association file to your backend. This way Apple can verify the domain you're trying to respond to is really yours.
As a result, when the app gets installed, it can be invoked by your domain links via deeplinking.
Now when there's no installed app able to respond to a specific https domain link, the system will simply open it on a web browser. Consequently, you cannot force iOS to open such links on AppStore directly. What you can do is to check whether the running device is iOS when your website gets accessed and ask the system to show your app on AppStore.
And to request iOS to launch AppStore from a website you can use itms-apps:
const iOS = !!navigator.platform && /iPad|iPhone|iPod/.test(navigator.platform);
if (iOS) {
// Just replace `https://` with `itms://` on your app's AppStore link.
window.location.href = "itms://itunes.apple.com/us/app/google-maps-transit-food/id585027354?mt=8";
}
// In this example I'm redirecting to Google Maps app page on AppStore.
Note: This is just a simple example used to demonstrate the concept. For a real application, you may want to use a device detection library for browsers, like mobile-detect.js
My suggestion is check iOS version
here Example
let url = URL(string: "www.stackoverflow.com")!
if #available(iOS 10.0, *) {
UIApplication.shared.open(url, options: [:], completionHandler: nil)
} else {
UIApplication.shared.openURL(url)
}
How can I add deeplink (url like https://www.example.com) in iOS using swift.
The scheme in plist is not working if I enter url in it.
You can check the screenshot of plist attached.
You are attempting to register your app for the URI scheme https which Apple has already reserved for Safari, therefore you will not be able to use it.
Option 1: Custom URI Scheme
You must come up with a custom URI scheme like customURI://www.domain.com
Downside: If a user clicks on this link without the app installed. iOS will show that user and error.
Option 2:Universal Links
Apple launched Universal Links in iOS 9 to enable developers to associate their http link with their app. This requires you to host your own AASA file on your domain so that your domain becomes associated with your app ID.
Option 3: Branch.io
Branch will actually bundle up Universal Links and URI schemes and use them appropriately when necessary. They also perform deferred deep linking. They'll host your AASA file for you, but your app domain will have to be either https://*.app.link or some dedicated subdomain of a domain that you own.
only to be precise:
If you need more docs about in Apple docs, use the CORRECT name for the technology.
If You use url starting with a schema different from http (for example fb:// for FB) is not a LINK, is a "custom" url.
Anyway use: custom url and see at:
https://developer.apple.com/library/content/documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/Inter-AppCommunication/Inter-AppCommunication.html
I have 2 iOS applications, using URL Scheme I am able to open app B through A like I have created URL Scheme in B and using OpenURL calling it from application B. Also, I am able to pass the data.
But what I am looking for, is there a way to move back to application A on some specific event.
In B I am getting all details about A in sourceApplication but how to move back?
Do we need to create URL Scheme for both of the apps for communicating with each other? or is there any way to invoke sourceApplication and move back?
Issue 1
in case of Facebook SDK, I create URL Scheme for my app because once authentication is done I want Facebook SDK to call my app that right but I didn't register my app scheme in Facebook SDK info.plist. how does it work?
Issue 2
I have tried on Simulator and device both. if I call canOpenURL it gives me an error
-canOpenURL: failed for URL: "openb://" - error: "This app is not allowed to query for scheme openb"
But If I directly call UIApplication.shared.open it launches the application successfully.
Any leads here?
If you want to invoke iOS application from another iOS app URL Scheme is the way. A URL scheme lets you communicate with other apps through a protocol that you define. To communicate with an app that implements such a scheme, you must create an appropriately formatted URL and ask the system to open it. To implement support for a custom scheme, you must declare support for the scheme and handle incoming URLs that use the scheme.
How to move back or open sourceApplication?
To achieve this you have to create URL Scheme for both of the application.
Issue 1 and 2
Before iOS 8, everyone was using canOpenURL for checking whether this URL is exist for not and if yes openURL for invoking the application. But concern came when few developers/apps started using it to track the user iPhone (what all application is installed) for advertising purposes etc. That's why Apple came up with the solution called URL Scheme Whitelist.
So according to that, if you want to use canOpenURL you have to whitelist the URL Scheme otherwise it will through an error like error: This app is not allowed to query for scheme and if you want to open the application use openURL directly.
Yes it broke lots of SDKs login flow but it makes sense.
For more information, canOpenURL(_:)
I want to pre fill the verification code in my app's textfield once the user gets an SMS for verifying their number. But, due to security concerns, I don't think that feature is available on iOS. Now, I want to achieve something similar to WhatsApp. When I enter my number in WhatsApp, it sends me a verification code as well as a text that reads,"click here to proceed further". On clicking that link, I am redirected to WhatsApp and my mobile verification process is complete. I want to achieve something similar.
Yes, similar kind of thing can be achievable by using DeepLinking. You need to deep link the page to open particular screen of the app through link.
URLSchems also come in handy for this kind of requirement. For that your app has to whitelist the Scheme identifier it's going to use. So that through that URL scheme you OS will open your app. Send a message with URLScheme.
URLScheme looks like this: MyApp://myapp.com?VerificationCode="65636"
Now you need to get that parameter by using following methods:
func application(app: UIApplication, openURL url: NSURL, options: [String: AnyObject]) -> Bool {
scheme = url.scheme
path = url.path
query = url.query
return true
}
Now send that parameter to your server to verify. That's it.
I want to open sayduck application from my iOS application. I know I need to use URL Scheme register by this application. My problem is that I cant fint this URL. Do you know how I can check if this URL is definded?
There is a URL scheme - but unless you're sure the user has the Sayduck application installed the best approach is to go via safari. openURL:
http://in.sayduck.com/
This will either launch the app, go to the appropriate app store download page for the device or show a web page depending on the device type (desktop/ios/android etc.)
Disclosure: I work for sayduck