[Openid-specs-native-apps] Identifying applications.

[William Denniss]

On Wed, Aug 6, 2014 at 4:15 PM, John Bradley <ve7jtb at ve7jtb.com> wrote:


> Can people comment on what needs to be passed to uniquely identify an app
> on iOS , Android and Windows mobile.
>

For iOS it is the bundle identifier. These are globally unique within the
Apple ecosystem.  I verified this by attempting to create a new app using a
known bundle identifier of another app, and got the error: "The Bundle ID
you entered has already been used.".

The bundle identifier is passed by the OS during inter-app communication in
the UIApplicationDelegate/application:openURL:sourceApplication:annotation:
<https://developer.apple.com/library/ios/documentation/uikit/reference/UIApplicationDelegate_Protocol/Reference/Reference.html#//apple_ref/occ/intfm/UIApplicationDelegate/application:openURL:sourceApplication:annotation:>
method which can be used to restrict which apps you interact with. This has
applications similar to whitelisting javascript origins and redirect URIs.

On Android, the package name – very similar in concept to the iOS bundle
identifier – is also globally unique (docs
<http://developer.android.com/guide/topics/manifest/manifest-element.html#package>).
Two apps on the Play Store cannot have the same package name.

As Android allows apps from unknown sources, the OS level assertion of the
bundle identifier is less authoritative than on iOS, which is why it may be
advisable to also verify the application signature. It is theoretically
possible to distribute an iOS app with a conflicting bundle identifier, but
it would have to be distributed outside the App Store which is hard
(Enterprise, AdHoc or development builds – none which can achieve wide
distribution).

William
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-native-apps/attachments/20140806/9b86eac4/attachment.html>