1 Reply
      Latest reply on Jan 27, 2017 1:31 AM by eskimo
      roharris Level 1 Level 1 (0 points)

        In iOS 10 using a custom URL scheme for inter-app communication, how secure are query parameters? I want to pass an account id string from one app to another using a custom scheme, but want to make sure the account id isn't visible to anything in transit.

        • Re: Query parameters when opening a URL with custom scheme
          eskimo Apple Staff Apple Staff (13,925 points)

          In general URLs you open (via -openURL: and friends) are not secure.  Another developer’s app can claim to handle that URL scheme, at which point it’s indeterminate as to which app will be opened.

          If your two apps are distributed by the same team, you can avoid this problem by putting the credential in the keychain, using a shared keychain access group.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"