[Openid-specs-native-apps] IOS 8 interapp messaging
Chuck Mortimore
cmortimore at salesforce.com
Tue Jun 3 17:09:56 UTC 2014
See the tail end of the note I just sent for mechanisms to protect against
this.
-cmort
On Tue, Jun 3, 2014 at 9:23 AM, Preibisch, Sascha H <Sascha.Preibisch at ca.com
> wrote:
> I am not sure if this is what you are asking. And it is known probably by
> most of you.
> Any app can register the same custom URL scheme. And it is not
> deterministic which app will be called by the OS. Therefore passing
> parameters via custom URLs will carry the risk of passing them to "bad"
> apps.
>
> Sascha
>
> CA Technologies
> Sascha Preibisch, Principal Software Engineer
> Mobile Access Gateway
> sascha.preibisch at ca.com
> ________________________________________
> From: openid-specs-native-apps-bounces at lists.openid.net [
> openid-specs-native-apps-bounces at lists.openid.net] on behalf of
> Paul.madsen [paul.madsen at gmail.com]
> Sent: Tuesday, June 03, 2014 8:18 AM
> To: Lloyd Burch; openid-specs-native-apps at lists.openid.net
> Subject: Re: [Openid-specs-native-apps] IOS 8 interapp messaging
>
> Writ the URL scheme mechanism, has anybody done the exercise of assessing
> the associated security characteristics in Android and iOS?
>
>
> Sent from my Samsung Galaxy smartphone.
>
>
> -------- Original message --------
> From: Lloyd Burch
> Date:06-03-2014 11:00 AM (GMT-05:00)
> To: paul.madsen at gmail.com, openid-specs-native-apps at lists.openid.net
> Subject: Re: [Openid-specs-native-apps] IOS 8 interapp messaging
>
> I have now watched it three time and am looking for more information on
> the details.
>
> What I would like to know is, can the called and calling application know
> the ID of each other and can that be validated via iOS?
>
> Using the URL Schema calls is a little SLOW, but it is all we have now.
> This should fix this.
>
> Lloyd
>
>
>
> >>> Paul Madsen <paul.madsen at gmail.com> 6/2/2014 1:42 PM >>>
> >
> http://www.theverge.com/2014/6/2/5773080/ios-8-apps-can-talk-to-each-other
> perhaps relevant to mobile binding spec
> paul
> _______________________________________________
> Openid-specs-native-apps mailing list
> Openid-specs-native-apps at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-native-apps
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-native-apps/attachments/20140603/f5d1d951/attachment.html>
More information about the Openid-specs-native-apps
mailing list