Additional Security Considerations for Custom URI Schemes on iOS

Tom Jones suggested adding this additional Security Considerations text about Custom URI Schemes on iOS:

While it is possible to assign handlers to URIs, and it is possible that the o/s could help the user select the correct handler, it is not possible to guarantee that the handler for a given URI has not been completely taken over by a subsequently installed native app. At the time this was written there appears to be no fool-proof mitigation for this vulnerability.

‌

Comments (2)