duplicate of rdar://21320635
| Originator: | joshua.dance | ||
| Number: | rdar://21321509 | Date Originated: | Jun 10, 2015 at 10:43 AM |
| Status: | Resolved: | ||
| Product: | iOS SDK | Product Version: | iOS 9 v1 |
| Classification: | Serious Bug | Reproducible: | Always |
Summary:
Per the discussion in WWDC Session 703 ("Privacy and Your Apps"), iOS 9 has added new controls to limit the use of the [UIApplication canOpenURL] method to detect the presence of other apps on a device.
The new system using the LSApplicationQueriesSchemes array in the app's Info.plist to whitelist allowed URL schemes is also being applied to the [UIApplication openURL] method. If URLs with schemes not explicitly declared in the plist are called, the same system log entries are made as those of "canOpenURL" and openURL fails silently.
I believe "openURL" should continue to function on any URL.
The stated goal of preventing app detection using "canOpenURL" can still be acheived without limiting the functionality of "openURL". The user experience for users of apps wishing to open arbitrary URLs may be decreased without a way to detect certain other apps, but since "openURL" will always open the other app, it can not be exploited in the same way as "canOpenURL" to scan user systems.
Steps to Reproduce:
- call [UIApplication openURL] with a URL based on a scheme not declared in LSApplicationQueriesSchemes, but which can be handled by an app installed on the device.
Expected Results:
- URL will be opened by system.
Actual Results:
- [UIApplication openURL] call fails silently.
Version:
iOS 9 beta 1
Notes:
Configuration:
Any
Attachments:
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!