iPhone custom urls and encryption

Question

Quick question: Are the custom URL's passed between applications encrypted in iOS? I can't seem to find any documentation anywhere that can tell me yes or no. Thanks!

Answer 1

In fact, you don't really need to do that by your own.

NSURL *theURL = [[NSURL alloc] 
    initWithScheme:@"http" host:@"www.wopata.com" path:@"/do?q=foo bar"];

Will return the following URL: http://www.wopata.com/do?q=foo%20bar

Answer 2

The contents of the URIs you pass around between apps are not encrypted. It just is pointless. I guess you don’t want a third party app register the same URI scheme and get the contents of the URIs you send around.

The system doing the encryption would be useless since it would have to decrypt the URI again before it is delivered to another app. Apps expect to get URIs they can use as-is and not something encrypted. So if the system encrypted it it would be safe while it is in some buffer waiting to be delivered to the final application. But nobody would bother to try to sniff it out of that buffer since one can easily write an app that just gets those URIs delivered.

And encrypting them yourself also is pointless. To decrypt them your app needs to embed a key and there is nothing preventing a hacker of reversing your app to get the key out. And now your encryption turned useless. Just don’t bother with that.

And if you transport those URIs over the net just use SSL. Doing your own crypto instead of relying on safe and well-tested protocols and implementations is never a good idea.

Answer 3

Im not sure, but theres no reason why you couldnt encrypt the url yourself. What is sent to your app, doesnt need to be a valid url.

eg.

myappuri://myreallysecret.sub.domain.com/mysecretfile.php?secretstuff=1

could just as easily be

myappuri://kalsjdfoi2u34lnvqpw3oih/aknasldkjfo289071234ljlinmqoiweu490802

your app will still get sent the second string and you could decrypt it yourself.

Not sure if it answers your question, but it might be useful.