Let's say I have a web app that calls out to a native app via a custom URL scheme, and after the native app has done its thing it returns to my web app by opening a callback URL.
This all works fine when my web app is running in Safari. But what happens if a user saves the web app to the home screen (creating a "Web Clip")? In that case it runs in a separate process from regular safari, and has separate cookies and cache.
So when the native app tries to return to the web app, the URL will presumably get opened by Safari, not by the Web Clip, and the session will be lost. (And not just the session -- all the page state, which in a rich Javascript-based web app can be a lot of stuff with non-trivial startup time.)
Is this assumption correct? And if so, is there any way around it? Is there some way to get iOS to try to open the URL with a web clip if installed?
In order to have something launch via a custom url scheme on iOS, you must have an application register this information via the Info.plist built into the app.
It is not possible to have a webapp/webclip register this information system-level.
So, to answer your main question, you cannot do this.
Here is the information on implementing custom URL schemes in native applications.
Related
I am working on project where I have been implementing deep linking from app/browser to my app. I have everything setup and it has been working as expected.
But recently, there is changed to the other app where there is new url introduced, which is launching in the browser and that url has changed to exiting url. But it is not launching my app. How to implement and launch my app with that change?
Example
--> deep link url, https://www.externalApp.com/requestPage=homePage&id=4444
--> When user tap on button on the external app, the above URL is invoke and launch the my app.
After change
--> Now new url, http://www.externalApp.com/request=sometoken
--> when user tap on button, http://www.externalApp.com/request=sometoken invoke and open browser and then become https://www.externalApp.com/requestPage=homePage&id=4444 in the browser. But it is staying in the browser and not opening my app.
Expectation is to launch app after url become https://www.externalApp.com/requestPage=homePage&id=4444.
Please help and advise.
A URL redirect will not trigger your app deeplink under any circumstance.
The ideal way to do this would be for your app to handle the URL http://www.externalApp.com/request=sometoken and convert it into https://www.externalApp.com/requestPage=homePage&id=4444 using whatever logic you are currently executing server-side (or on the webpage).
If this is not possible in any way, then the discussion goes into the direction of ugly hacks where you try to trigger the deeplink using Javscript, which can fail (since you cannot guarantee that the deeplinked app is present on the device). I would not delve into those pathways here and recommend you re-think your solution.
Please note that I do not mean to disparage or deride your implementation in any way. You may have a valid use-case where such a flow is required. But with how universal links work on iOS, the above is my recommendation based on my experience as a developer.
I have an app that gets opened from another app via a URL scheme. The URL contains signup tokens. As any app can register the same URL scheme as my app, I am concerned a "fake" app can do a man-in-the-middle attack and capture the signup tokens.
My idea is to check that the URL scheme does not open another app when my app is first opened.
From a security perspective, if the URL scheme opens my app the first time, will it always open my app in the future?
How about using iOS 9 universal links?
Unlike custom URL schemes, universal links can’t be claimed by other apps, because they use standard HTTP or HTTPS links to your website.
https://developer.apple.com/library/prerelease/ios/documentation/General/Conceptual/AppSearch/UniversalLinks.html
This way the "dispatch table" is on your server, so no other app can hijack the signup URL. (URL dispatch is based on AppIDs)
It's a valid (and usually ignored) attack vector. It isn't strictly a man-in-the-middle attack as it won't forward the URL on to your app (it can't). It's almost worse as the attacking app would only really be able to crash and it would look like your app had...
Another app could be installed any time your app is in the background. Technically it's possible that an update is released and installed for an existing app while your app is running (it's hard to know if that happens). So, it isn't safe to only test when your app is first opened.
We have link functionality in our web application that when clicked, browses to a page on our server that performs the following:
Tries to open the custom url to our ios application
If this fails, it redirects the user to our ios app store to download the app.
This actually all works perfectly well.
However, it creates a weird corner case, where after a user has done this and finished, if they come back sometime later and open their safari on the same phone, if our web link is still the active tab, it will redirect them again to our application.
The cause of this is fairly obvious, but we are struggling to come up with a solution for it. Is there any known to rectify this behavior, either through a different mechanism then I described for opening the application or through somehow killing the page simultaneously?
Assume I build a native Facebook App for the Mac or for iOS (just an example).
Now whenever the user opens an url http://facebook.com/.. I want my app to open rather than the browser. This is similar to opening google maps links prior to iOS 6 on iOS.
Unfortunately (like in the case with facebook) I do not own the service but I am only consuming its API so I can't forward to another URL from the actual website.
My question now is whether this is possible:
On the Mac with my native Mac App
On iOS (However, here I would be quite supprised if this was possible)
On iOS you can register a custom protocol which triggers if any other app (system, or not) tries to open that URL.
So in other words. Say your app registers the protocol 'myprotocol'. Then if you go to safari and type in the addressbar: myprotocol://sometext it will open your app, and your app can handle that URL.
This ALSO works from HTML loaded externally from Safari. So if your website is shown and on your website you link to myprotocol://sometext and someone clicks the link, then again your app will be opened.
Catching generic http requests system wide is unsupported on iOS
search for CustomURL / customProtocol for IOS apps. you will get your required answers. do let me know if you need a sample code.
I have a client that needed to abandon their very poor native app and needs a temporary solution immediately. They have a mobile optimized website and we'd like to deploy an app in the store to replace the current one, and design it such that as soon as you launch it, it either hosts the site within a web browser control, or just redirects the user to a website in the iPhone Safari app. I realize there are subtle differences between the browser control and the actual Safari browsers.
Are there any tools or products that auto create such simple apps, and are there any problems with getting such simple apps approved by Apple?
Sounds like you want to make a hybrid app.
http://www.cocoacontrols.com/posts/a-primer-on-hybrid-apps-for-ios
Your app could just be a UIWebView that shows the website. It's possible that Apple might reject ithe app if there is nothing to it except a web view -- do some research on that possibility.