Jakub Truhlář
Reputation: 20710
Is the apple-app-site-association implementation safe?
By implementing universal links, you end up with an apple-app-site-association file that you put in the root of your server. The file contains both bundleID and teamID. Is this safe?
I can clearly download e.g. Google’s one and get their IDs since the scenario is always the same.
Upvotes: 0
Views: 389
Answers (1)
Alex Bauer
Reputation: 13613
There is no security risk from displaying the bundle ID and team ID. It is not possible to use these two pieces of information for anything (either productive or dangerous) without also having access to your Apple Developer account password.
Upvotes: 2
Related Questions
- Apple-app-site-association is not working
- universal Link's apple-app-site-association file in iOS14
- iOS apple-app-site-association - does it need to be off the root of my server?
- Sign apple-app-site-association
- Requests to /.well-known/apple-app-site-association
- Can we test iOS Universal Links / Deep Links without apple-app-site-association (AASA)?
- Does apple-app-site-association work with a web app?
- why universal links are not working even though validated right by apple?
- Apple App Site association not working
- Does DeepLinking apple-app-site-association file need signing?