

How iOS 9's Safari View Controller could change your app’s onboarding experience - rizwan
https://library.launchkit.io/how-ios-9-s-safari-view-controller-could-completely-change-your-app-s-onboarding-experience-2bcf2305137f

======
numair
Doesn't this open up a bit of a privacy issue? Couldn't you scrape logged-in
data from someone's social media accounts etc? Maybe I'm misinterpreting
things...

I could see iOS 9.1 having a permissions dialog for "<app name> wants to
access <certain domain list> while you use the app" to prevent that from
happening. Until then, I could see this feature being inevitably abused.

~~~
rizwan
OP here. iOS 9's SFSafariViewController, unlike UIWebView or WKWebView, runs
out-of-process and cannot be data-scraped. Beacause of this,
SFSafariViewController shares cookies with Mobile Safari. The use-case here is
essentially loading a special URL on the website that will take any logged in
session and return back an oAuth token that the native app can use.

The communication method in the demo is as if you were talking indirectly with
Mobile Safari, using a custom url protocol (e.g. fooapp://), or by using the
new (safe) Universal links (apps can register specific domains/urls that will
redirect back to the app, using their Associated Domains entitlements).

~~~
numair
Aha! So the web view "redirects" back into the app using an app:// link -- and
because you're accessing that web view within the app itself, the redirect is
captured within the app. Smart. I assume there is some sort of delegate thing
that handles the browser events? Would it intercept the deep link or does that
hit the app delegate?

Thanks for the awesome insights by the way.

------
taylorhughes
Most apps don't seem to handle the web->app jump well at all. Hopefully this
helps things.

