How iOS 9's Safari View Controller could change your app’s onboarding experience

How iOS 9's Safari View Controller could change your app’s onboarding experience(library.launchkit.io)

23 points by rizwan 10 years ago | 4 comments

numair 10 years ago |

Doesn't this open up a bit of a privacy issue? Couldn't you scrape logged-in data from someone's social media accounts etc? Maybe I'm misinterpreting things...

I could see iOS 9.1 having a permissions dialog for "<app name> wants to access <certain domain list> while you use the app" to prevent that from happening. Until then, I could see this feature being inevitably abused.

rizwan 10 years ago | |

OP here. iOS 9's SFSafariViewController, unlike UIWebView or WKWebView, runs out-of-process and cannot be data-scraped. Beacause of this, SFSafariViewController shares cookies with Mobile Safari. The use-case here is essentially loading a special URL on the website that will take any logged in session and return back an oAuth token that the native app can use.

The communication method in the demo is as if you were talking indirectly with Mobile Safari, using a custom url protocol (e.g. fooapp://), or by using the new (safe) Universal links (apps can register specific domains/urls that will redirect back to the app, using their Associated Domains entitlements).

numair 10 years ago | | |

Aha! So the web view "redirects" back into the app using an app:// link -- and because you're accessing that web view within the app itself, the redirect is captured within the app. Smart. I assume there is some sort of delegate thing that handles the browser events? Would it intercept the deep link or does that hit the app delegate?

Thanks for the awesome insights by the way.

taylorhughes 10 years ago |

Most apps don't seem to handle the web->app jump well at all. Hopefully this helps things.