[Openid-specs-native-apps] IOS 8 interapp messaging

Preibisch, Sascha H Sascha.Preibisch at ca.com
Wed Jun 4 04:36:16 UTC 2014 

Thanks Chuck!

________________________________________
From: Chuck Mortimore [cmortimore at salesforce.com]
Sent: Tuesday, June 03, 2014 10:09 AM
To: Preibisch, Sascha H
Cc: Paul.madsen; Lloyd Burch; openid-specs-native-apps at lists.openid.net
Subject: Re: [Openid-specs-native-apps] IOS 8 interapp messaging

See the tail end of the note I just sent for mechanisms to protect against this.

-cmort


On Tue, Jun 3, 2014 at 9:23 AM, Preibisch, Sascha H <Sascha.Preibisch at ca.com<mailto:Sascha.Preibisch at ca.com>> wrote:
I am not sure if this is what you are asking. And it is known probably by most of you.
Any app can register the same custom URL scheme. And it is not deterministic which app will be called by the OS. Therefore passing parameters via custom URLs will carry the risk of passing them to "bad" apps.

Sascha

CA Technologies
Sascha Preibisch, Principal Software Engineer
Mobile Access Gateway
sascha.preibisch at ca.com<mailto:sascha.preibisch at ca.com>
________________________________________
From: openid-specs-native-apps-bounces at lists.openid.net<mailto:openid-specs-native-apps-bounces at lists.openid.net> [openid-specs-native-apps-bounces at lists.openid.net<mailto:openid-specs-native-apps-bounces at lists.openid.net>] on behalf of Paul.madsen [paul.madsen at gmail.com<mailto:paul.madsen at gmail.com>]
Sent: Tuesday, June 03, 2014 8:18 AM
To: Lloyd Burch; openid-specs-native-apps at lists.openid.net<mailto:openid-specs-native-apps at lists.openid.net>
Subject: Re: [Openid-specs-native-apps] IOS 8 interapp messaging

Writ the URL scheme mechanism,  has anybody done the exercise of assessing the associated security characteristics in Android and iOS?


Sent from my Samsung Galaxy smartphone.


-------- Original message --------
From: Lloyd Burch
Date:06-03-2014 11:00 AM (GMT-05:00)
To: paul.madsen at gmail.com<mailto:paul.madsen at gmail.com>, openid-specs-native-apps at lists.openid.net<mailto:openid-specs-native-apps at lists.openid.net>
Subject: Re: [Openid-specs-native-apps] IOS 8 interapp messaging

I have now watched it three time and am looking for more information on the details.

What I would like to know is, can the called and calling application know the ID of each other and can that be validated via iOS?

Using the URL Schema calls is a little SLOW, but it is all we have now.  This should fix this.

Lloyd



>>> Paul Madsen <paul.madsen at gmail.com<mailto:paul.madsen at gmail.com>> 6/2/2014 1:42 PM >>>
> http://www.theverge.com/2014/6/2/5773080/ios-8-apps-can-talk-to-each-other
perhaps relevant to mobile binding spec
paul
_______________________________________________
Openid-specs-native-apps mailing list
Openid-specs-native-apps at lists.openid.net<mailto:Openid-specs-native-apps at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-native-apps

More information about the Openid-specs-native-apps mailing list