<div dir="ltr">See the tail end of the note I just sent for mechanisms to protect against this.<div><br></div><div>-cmort</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jun 3, 2014 at 9:23 AM, Preibisch, Sascha H <span dir="ltr"><<a href="mailto:Sascha.Preibisch@ca.com" target="_blank">Sascha.Preibisch@ca.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I am not sure if this is what you are asking. And it is known probably by most of you.<br>
Any app can register the same custom URL scheme. And it is not deterministic which app will be called by the OS. Therefore passing parameters via custom URLs will carry the risk of passing them to "bad" apps.<br>
<br>
Sascha<br>
<br>
CA Technologies<br>
Sascha Preibisch, Principal Software Engineer<br>
Mobile Access Gateway<br>
<a href="mailto:sascha.preibisch@ca.com">sascha.preibisch@ca.com</a><br>
________________________________________<br>
From: <a href="mailto:openid-specs-native-apps-bounces@lists.openid.net">openid-specs-native-apps-bounces@lists.openid.net</a> [<a href="mailto:openid-specs-native-apps-bounces@lists.openid.net">openid-specs-native-apps-bounces@lists.openid.net</a>] on behalf of Paul.madsen [<a href="mailto:paul.madsen@gmail.com">paul.madsen@gmail.com</a>]<br>
Sent: Tuesday, June 03, 2014 8:18 AM<br>
To: Lloyd Burch; <a href="mailto:openid-specs-native-apps@lists.openid.net">openid-specs-native-apps@lists.openid.net</a><br>
<div class="im HOEnZb">Subject: Re: [Openid-specs-native-apps] IOS 8 interapp messaging<br>
<br>
Writ the URL scheme mechanism, has anybody done the exercise of assessing the associated security characteristics in Android and iOS?<br>
<br>
<br>
Sent from my Samsung Galaxy smartphone.<br>
<br>
<br>
-------- Original message --------<br>
From: Lloyd Burch<br>
Date:06-03-2014 11:00 AM (GMT-05:00)<br>
To: <a href="mailto:paul.madsen@gmail.com">paul.madsen@gmail.com</a>, <a href="mailto:openid-specs-native-apps@lists.openid.net">openid-specs-native-apps@lists.openid.net</a><br>
Subject: Re: [Openid-specs-native-apps] IOS 8 interapp messaging<br>
<br>
I have now watched it three time and am looking for more information on the details.<br>
<br>
What I would like to know is, can the called and calling application know the ID of each other and can that be validated via iOS?<br>
<br>
Using the URL Schema calls is a little SLOW, but it is all we have now. This should fix this.<br>
<br>
Lloyd<br>
<br>
<br>
<br>
>>> Paul Madsen <<a href="mailto:paul.madsen@gmail.com">paul.madsen@gmail.com</a>> 6/2/2014 1:42 PM >>><br>
> <a href="http://www.theverge.com/2014/6/2/5773080/ios-8-apps-can-talk-to-each-other" target="_blank">http://www.theverge.com/2014/6/2/5773080/ios-8-apps-can-talk-to-each-other</a><br>
perhaps relevant to mobile binding spec<br>
paul<br>
</div><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Openid-specs-native-apps mailing list<br>
<a href="mailto:Openid-specs-native-apps@lists.openid.net">Openid-specs-native-apps@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-native-apps" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-native-apps</a><br>
</div></div></blockquote></div><br></div>