tags:

views:

46

answers:

2
Q: 

iPhone custom urls and encryption

Hello stackoverflow,

Quick question: Are the custom URL's passed between applications encrypted in iOS? I can't seem to find any documentation anywhere that can tell me yes or no. Thanks!

A: 

Im not sure, but theres no reason why you couldnt encrypt the url yourself. What is sent to your app, doesnt need to be a valid url.

eg.

myappuri://myreallysecret.sub.domain.com/mysecretfile.php?secretstuff=1

could just as easily be

myappuri://kalsjdfoi2u34lnvqpw3oih/aknasldkjfo289071234ljlinmqoiweu490802

your app will still get sent the second string and you could decrypt it yourself.

Not sure if it answers your question, but it might be useful.

Toby Allen  2010-09-27 18:57:47
Yeah, well that's what I was going to do if it wasn't natively supported. I suppose that answers the question. Thanks for the tidbit of advice though ;)
Geoff Baum  2010-09-27 20:18:48
Actually here is a sub question for you. Is it possible for something to sniff that data as it is passed to the other app?
Geoff Baum  2010-09-27 20:27:07
Again I dont know for sure, but I would imagine it is possible, though it may not make it through the app store process. Its just a message and presumably someone else could write an app that uses the same uri identifier as you so the OS would pass your string to that app instead :)
Toby Allen  2010-09-27 21:12:56
A: 

The contents of the URIs you pass around between apps are not encrypted. It just is pointless. I guess you don’t want a third party app register the same URI scheme and get the contents of the URIs you send around.

The system doing the encryption would be useless since it would have to decrypt the URI again before it is delivered to another app. Apps expect to get URIs they can use as-is and not something encrypted. So if the system encrypted it it would be safe while it is in some buffer waiting to be delivered to the final application. But nobody would bother to try to sniff it out of that buffer since one can easily write an app that just gets those URIs delivered.

And encrypting them yourself also is pointless. To decrypt them your app needs to embed a key and there is nothing preventing a hacker of reversing your app to get the key out. And now your encryption turned useless. Just don’t bother with that.

And if you transport those URIs over the net just use SSL. Doing your own crypto instead of relying on safe and well-tested protocols and implementations is never a good idea.

Sven  2010-09-28 12:20:11
Ok thanks for the detailed response. That's exactly the info that I needed to know. Thanks for the help!
Geoff Baum  2010-09-28 13:29:46

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode