自定义URL方案IOS

Question

I have an application which will be launched from other apps which are mine too. But my purpose is to launch my app and do nothing with the URL. Its just a way of enabling the user to switch between apps without any data exchange.

Do I need to implement handleOpenURL or similar methods to handle the URL to filter out unwanted commands like apple mentions in Secure Coding guidelines , or just specifying the scheme in the info.plist (along with URL identifier and document role as Viewer) is enough secure considering the fact that I am not doing anything with the URL?

Answer 1

Yes, you need to implement application:handleOpenURL: or application:openURL:sourceApplication:annotation: , and return YES. The second method is preferred according to Apple's docs.

-(BOOL) application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation{
  return YES;
}

You could additionally check the scheme, source application, or other conditions, and return YES or NO accordingly. If you have several of your apps communicating you can check for the source application or pass data using the annotation.

NSString* myappScheme = @"anindya";  // or even better read it from your plist
-(BOOL) application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation{
  return [url.scheme isEqualToString: myappScheme];
}

As far as security is concerned, you don't really do anything else with the URL, so there's no problem. Apple's advice in this regard means if you get a URL from another app, you have to carefully parse it and assume it might be malicious. If you also check the source application you can be sure to only get data from your own apps.