In general URLs you open (via
-openURL: and friends) are not secure. Another developer’s app can claim to handle that URL scheme, at which point it’s indeterminate as to which app will be opened.
If your two apps are distributed by the same team, you can avoid this problem by putting the credential in the keychain, using a shared keychain access group.
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"