Query parameters when opening a URL with custom scheme

In iOS 10 using a custom URL scheme for inter-app communication, how secure are query parameters? I want to pass an account id string from one app to another using a custom scheme, but want to make sure the account id isn't visible to anything in transit.

Up vote post of roharris Down vote post of roharris
1.2k views
Posted by
roharris
Reply
Add a Comment

Replies

In general URLs you open (via 

-openURL:
and friends) are not secure. Another developer’s app can claim to handle that URL scheme, at which point it’s indeterminate as to which app will be opened.

If your two apps are distributed by the same team, you can avoid this problem by putting the credential in the keychain, using a shared keychain access group.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment