jspωiki
Web Blog_blogentry_310715_1
Your trail: 

2015-07-31#

How native applications can link[1]#

A separate (but complementary) feature coming to both Android M and iOS 9 is an improvement on how native applications can link between themselves, and their associated web servers. Both Android's App links and Apple's Universal Links allow application developers to claim an association with a particular web domain. Once claimed, any http(s) addresses to that domain will be interpreted by the OS as belonging to that application and not the default system browser. Similar to the previous custom URL schemes used for inter-app messaging, the new linking mechanism promises to close the security issue associated with custom URLs, namely how it was possible for other applications to squat on the URLs of a given app, and so gain access to the data shared by those URLs. By requiring that an app developer, in order to lay claim to a particular domain, be able to demonstrate ownership of that domain by placing a specific file on that domain, the new link mechanisms will shut out the hackers.

The Native Applications Working Group (NAPPS) WG in the OIDF is in the process of discussing the impact of these new mobile OS features on the emerging NAPPS spec. Apple's Universal Linking and Android's App Links both appear to provide a meaningful security enhancement and so it may make sense for NAPPS to stipulate their use. ... Again, in the context of a native application getting the user authenticated against an OAuth AS, the new linking mechanisms promise to provide additional assurance that the tokens are being issued to a valid application, and not some malicious application that was able to get itself installed and squatting on the valid custom scheme URLs. (The Proof Key for Code Exchange by OAuth Public Clients (PKCE) mechanism was motivated by the same risk, though PKCE allows the AS to ensure only that the tokens were returned to the particular application that requested them, which could be a bad app).

More Information#

There might be more information for this subject on one of the following: ...nobody

Back to main blog page    Add new comments
This page (revision-4) was last changed on 29-Apr-2017 09:39 by jim Top

Main page
About
Recent Changes
Tools Page

Lead Pages#

WikiEtiquette
Find pages
Unused pages
Undefined pages
Page Index
News


Site Maintained By -jim

Costs of Wiki

Donations#

If you like Ldapwiki, please consider a donation.

Donation for LDAPWiki


Active Sessions38
Uptime21d, 21h 16m 16s
Number of pages15310

JSPWiki v2.10.1
jspωiki
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!
JSPWiki v2.10.1