Open Radar

 
Summary:

I've been learning about Agent apps, daemons and XPC on the Mac. It would be great if I could create an app for iOS which would have embedded agent services which could be run as daemons which could be accessible by other apps. The Info.plist could be used to publish these services to make them visible to the OS and discoverable by other apps.

On the Mac the SMJobBless feature could be brought to iOS to enable interoperability. And what would be extremely helpful is allowing for signed agent apps to be downloaded into a host application to be deployed as services that other apps could use. An in-app purchase could trigger the installation of an agent application which would be signed and paired exclusively with that application. Such a service could provide various services for other apps, such as photo filtering, authentication, cloud communications, etc so that functionality would not have to be dropped into every other application.

In one scenario there may be a Dropbox service integrated with the Dropbox app which simply allows a third party app to query the service for folders, files and then fetch or put files. It would function with the permissions of the Dropbox app and the Dropbox app would be prompted to allow access to the calling application. Once the third party app is authorized to use that service it will have the granted permissions until revoked. No user credentials would need to be provided.

As service could even act as a proxy between 2 separate third party applications in simple and complex ways. A camera app could send a new photo to a service which is then filtered and made available to a social media app for sharing as a single step from the camera app. Chaining apps together to provide this sort of workflow would be very useful.

XPC is not appropriate for this purpose so another RPC protocol would be used to facilitate communications which would include data transfers between apps and services.

The service would communicate with the host application using XPC or RPC so that the service is isolated from the host application for security purposes.

This would effectively be a better than OAuth solution.

Steps to Reproduce:

Expected Results:

Apps would generally be smaller and support anymore features because commonly used services would be centralized within the host application and not duplicated to many applications. It would also enhance security because the host application would likely be updated more frequently than the many third party apps which are not updated that often. I know apps which I have worked on for clients do not get updated because their release cycles are tied to the budget. Meanwhile apps from Dropbox, Facebook, Pocket and others are updated regularly.

Another benefit is that apps would have many more features in a shorter timeline because a lot of the features would be handled by existing services.

Actual Results:

Regression:

Notes: