Developers continue to push the envelope on iPhone application development, skirting the bounds of Apple's development guidelines and discovering means for implementing undocumented, pioneering functionality. The latest breakthrough comes from Innerfence software, and is best described by its author: "Go somewhere; do something; come back."
Most iPhone applications offer a one-way street when it comes to accessing other applications' functionality. Click on a URL in Mail, for instance, and you are transported to Safari. In order to get back to Safari though, you need to click the home button then tap the Safari icon again. In other words, once transported to a new app, you are (in a sense) marooned there.
Innerface gets around this limitation by exploiting Apple's URL-based method for applications to communicate with each other. Via URL schemes in applications' respective Info.plist files, said apps can communicate and pass control between one another.
Developers from Innerface have posted source code for the scheme, but they note a few security ramifications:
Source
Most iPhone applications offer a one-way street when it comes to accessing other applications' functionality. Click on a URL in Mail, for instance, and you are transported to Safari. In order to get back to Safari though, you need to click the home button then tap the Safari icon again. In other words, once transported to a new app, you are (in a sense) marooned there.
Innerface gets around this limitation by exploiting Apple's URL-based method for applications to communicate with each other. Via URL schemes in applications' respective Info.plist files, said apps can communicate and pass control between one another.
Developers from Innerface have posted source code for the scheme, but they note a few security ramifications:
"By registering to handle a URL scheme, an iPhone app becomes a de facto web app, subject to many of the nasty attacks that work on the web. Apps implementing this scheme must be careful to validate any parameters they get from the URL lest they be vulnerable to old friends like SQL injection."Feedback? iphoneatlas@cnet.com.
Source
No comments:
Post a Comment