In iOS 10 using a custom URL scheme for inter-app communication, how secure are query parameters? I want to pass an account id string from one app to another using a custom scheme, but want to make sure the account id isn't visible to anything in transit.
In general URLs you open (via
-openURL: and friends) are not secure. Another developer’s app can claim to handle that URL scheme, at which point it’s indeterminate as to which app will be opened.
If your two apps are distributed by the same team, you can avoid this problem by putting the credential in the keychain, using a shared keychain access group.
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"