[Openid-specs-ab] FYI: iOS6 changed custom schema priority rule
sakimura at gmail.com
Thu Oct 25 08:06:32 UTC 2012
It is a new attack vector :-(
On Thu, Oct 25, 2012 at 3:33 PM, nov matake <nov at matake.jp> wrote:
> When testing NRI's self-issued OP, I noticed iOS6 changed custom schema
> priority rule.
> I have my own iOS app which registered "openid://" schema.
> In iOS5, the FIRST app which registered a custom schema is given priority
> over the others which registered the same schema later.
> So my self-issued OP is always used until uninstalled.
> However, iOS6 seems changed the rule.
> In iOS6, the LATEST app gets priority.
> If an user installed 2nd self-issued OP, 1st one is never used until 2nd
> one is uninstalled.
> It means after installed 2nd self-issued OP, the user loses accounts
> access registered by 1st one.
> I have no idea how to avoid this issue now, but for your information.
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab