0
Dueling Banjos                            (Inter-App Communication)                            Michael Dorin              ...
Agenda                • Introduction                • That was my Intent!                      o   Android Inter-App Commu...
Introduction                  • Inter-application communication promotes                          development of feature r...
Introduction                  • Android and iOS provide messaging systems for                          communications with...
Android Vocabulary        • Applications are...Built upon components        • Components               o   Activity       ...
Processes and Threads        • Application startup          • Android creates a Linux process with a single               ...
Activity                                     Activity                                                System               ...
That was my intent        •     Intents launch activities and   “Intents are system messages, running              service...
Thats ‘intents’                  • You may transmit Data in Intents                  • You may return Data in Intents     ...
Intent Constructors           Intent()           Create an empty intent.                                                  ...
Implicit Intent     Intent(String action, Uri uri)     The primary pieces of information in an intent are:       • action ...
Examples:• ACTION_VIEW content://contacts/people/1 -- Display information about the person whose identifier is "1".• ACTION...
Explicit Intent      Intent(Context packageContext, Class<?> cls)     The primary pieces of information in an intent are: ...
Additional attributes    •   category -- Gives additional information about the action to execute.    •   type -- Specifies...
EasyActivity.java                        Example:                    Explicit Intent                   Activity Launched  ...
Example:                                                                 Activity launched, now                           ...
Inside the Service                                                                (EasyService.java)     @Override     	 p...
Activity Handlerpackagpublic class EasyActivity extends Activity {		   MyHandler handler = new MyHandler();	   Messenger m...
So far                  • 2 Examples                  • Launch activity with explicit intent and no                       ...
Next example                  • startActivityForResult - Expect a result from the                          calling activit...
Example 3:                    Explicit Intent                   Activity Launched                       Intra-App   intent...
*You can do the same thing with a service              *It takes a couple Extra Steps though              *See simpleActiv...
@Override                                                        TrivialActivity.javapublic void onCreate(Bundle savedInst...
Response via                                                              Broadcast @Override 	 public int onStartCommand(...
Bound and Determined                  Bound Service                   •      The server in a client-server interface.     ...
Bound Services                   •      A bound service allows other applications to bind to..to interact with it.        ...
Bound Services                   • We can use messages as before                   • We can invoke functions directlyWedne...
Step 1- Make Service      final Messenger myMessenger = new Messenger(new MessageHandler());      @Override      public IB...
Make a connection, Start      the service!                     localBoundServiceConnection = new LocalBoundServiceConnecti...
Use the service                localBoundService.getRandomNumber();                                        BoundActivity.j...
AIDL        • Previous examples work well for services                local to application.        • If you want to expose...
class AidlServiceConnection implements ServiceConnection {   	     	     public void onServiceConnected(ComponentName name...
AIDL Use is almost the same            int res = 0;            	 	 int[] value3 = new int[3];            	 	 try {        ...
What about implicit              intents, leveraging other                peoples applications              and reducing d...
Lights Camera Action!                                                                        Action               intent =...
Implicit via category               intent = new Intent();               intent.setAction(Intent.ACTION_MAIN);            ...
Implicit Intents                  • Work from intent filters                  • You can define your ownWednesday, March 20, ...
Example               Implicit via custom category               intent = new Intent();               intent.setAction(Int...
Example                          Implicit Intent via URI                                                                  ...
Example               Implicit Intent via Custom URI                     <intent-filter>                        <action an...
<activity android:name=".MainActivity" android:label="@string/title_activity_main"	    	     	    android:exported="true">...
UR’all that… and more!               iOS Inter-App Communication                   • Launching apps automatically via URLs...
“Launching” Apps                                     Manually                   •      “Launching” from user context      ...
Launching Apps                           Automatically                   • URL schemes                    • E.g.,http://ww...
Data Sharing                            via Network                   • Cloud service                     • E.g., Facebook...
Data Sharing                                       on Device                   •      URL parameters                      ...
Apple                             URL Schemes                   Safari      http://www.yahoo.com   https://www.wellsfargo....
In-App Services                               Native API                   Safari      UIWebView                   Mail   ...
Launching App via                                  HTML Link               • HTML links                          <a href="...
Link                          Auto-Detection               • Auto-detection of link-like text within HTML                 ...
Launching app via                                   Native API               • Objective-C API                          UI...
Custom URL Schemes               •          Not cutting edge, but not always well-executed               •          Many a...
Custom URL Scheme                           Example                     googlechrome:                           Launches C...
Discovering Schemes               •          iHasApp open source framework               •          Correlates Schemes and...
App IDs               •          iTunes Preview                          https://itunes.apple.com/us/app/chrome/id53588682...
Scheme “Actions”               • handleOpenURL website                  • Search scheme index                          sky...
Schemes to the Extreme               •          akosma software web page               •          URL encoding tips       ...
“App Launcher” Apps                   •      Launch Center Pro   •   Simple Launcher                   •      Launch+     ...
"App Launcher"                                Typical Features                   •      Pre-canned schemes &          •   ...
Your very own                               URL scheme                   • Choosing a “unique” scheme name                ...
Registering Scheme                                   with iOS               •          E.g., myApp-Info.plist             ...
Handling Received URL               • Delegate callback API                          UIApplicationDelegate -              ...
“Parsing” the URL               •          Call component methods on(NSURL      *)url                          [url scheme...
App Startup               •          A.k.a. “launching” vs. returning from background               •          Delegate ca...
Smart App Banners               •          Displays promotional banner on web page                          <meta name="ap...
Return to Sender               • Facebook scheme format:                          fb<ID>:      E.g. ,   fb165260790249214:...
x-callback-url               • Encourages services that perform and return               • Standardizes service API struct...
How it Works                          •   App “launch” via URL scheme used for both directions                          • ...
Service API Structure                          [scheme]://[host]/[action]?[x-callback parameters]&[action parameters]     ...
Terminology App               • Legacy lookup                          terminology://heavy               • Modern, but no ...
Terminology                                        Return Result               •          Request return (unencoded)      ...
URL Encoding               •          Basic URL encoding                          terminology://x-callback-url/lookup?text...
Demo               • XCallbackURL open source test app                               Replace “Heavy”                      ...
Just when your ‘intent’                  was to go back into the                          water!Wednesday, March 20, 13   ...
Intent-Based Attacks                  •       Unauthorized Intent Receipt                  •       Broadcast Theft        ...
Unauthorized Intent                              Reception                   • Broadcast Theft                     • Eaves...
Intent Spoofing                   • Malicious Broadcast Injection                   • Malicious Activity Launch            ...
How hard is this?                   • apktool                    • https://code.google.com/p/android-                     ...
How hard?•Get apktool.jar   •https://code.google.com/p/android-apktool/•Get your apk files•java -r apktool.jardecode ..Wedn...
Look at that!                 Our manifest, our resources.                     Oh the humanity!                           ...
Security                  • Don’t mess with peoples data if you don’t have                          to.                  •...
iOS Scheme Security                   • URLs inherently insecure                   • No HTTPS equivalentWednesday, March 2...
Hacking URL schemes                   •      iOS handling of duplicates                   •      Masquerading as client   ...
What can be done?                   •      Encrypt URL after scheme: (or schemes:// ?)                          •   Shared...
Keychain Services               • Create Entitlements.plist                  • Add keychain-access-group               • A...
I have just one question...                                   Huh?Wednesday, March 20, 13                    86
Thank you!          On the Android banjo and security        On the iOS banjo and network          mandolin:              ...
Sources        • Stackoverflow          • http://stackoverflow.com        • Android Developers Guide          • http://devel...
Sources        • Apple URL Scheme Reference              •    http://developer.apple.com/library/ios/#featuredarticles/   ...
Sources              • iHasApp - Installed App Detection                • http://www.ihasapp.com              • handleOpen...
Sources              • Launch Center Pro                • https://itunes.apple.com/us/app/launch-center-pro/id532016360?mt...
Sources              • App Gate                • https://itunes.apple.com/us/app/app-gate./id566901497?mt=8              •...
Sources              • Promoting Apps with Smart App Banners                   •      http://developer.apple.com/library/i...
Sources              • x-callback-url                • http://x-callback-url.com              • tapsandswipes/InterAppComm...
Sources              • iOS Keychain: Sharing data between apps                • http://shaune.com.au/ios-keychain-sharing-...
Upcoming SlideShare
Loading in...5
×

Dueling Banjos: Inter-app Communication

2,283

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,283
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
17
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Dueling Banjos: Inter-app Communication "

  1. 1. Dueling Banjos (Inter-App Communication) Michael Dorin Dan RatcliffWednesday, March 20, 13 1
  2. 2. Agenda • Introduction • That was my Intent! o Android Inter-App Communication o Bound and Determined • UR’all that… and more! o iOS Inter-App Communication • Android Security • IoS SecurityWednesday, March 20, 13 2
  3. 3. Introduction • Inter-application communication promotes development of feature rich applications • Developers leverage existing services to create rich, ‘seamless’ applicationsWednesday, March 20, 13 3
  4. 4. Introduction • Android and iOS provide messaging systems for communications within and between applications • These message systems also facilitate attacksWednesday, March 20, 13 4
  5. 5. Android Vocabulary • Applications are...Built upon components • Components o Activity o Service o Broadcast Receiver o Content Provider • Inter-app communicationsWednesday, March 20, 13 5
  6. 6. Processes and Threads • Application startup • Android creates a Linux process with a single thread of execution • You can (and probably will) create more than a single thread of execution • By default, all components of the same application run in the same processWednesday, March 20, 13 6
  7. 7. Activity Activity System Service Service Component Data PathsWednesday, March 20, 13 7
  8. 8. That was my intent • Intents launch activities and “Intents are system messages, running services around the inside of the device, notifying applications of various events, from • Intents can hold data hardware state changes (e.g.,an SD card was inserted), to incoming data (e.g., an SMS message arrived),to application events (e.g., your activity was launched from the device’s main menu).” http://android.programmerguru.com/android- intent-example/Wednesday, March 20, 13 8
  9. 9. Thats ‘intents’ • You may transmit Data in Intents • You may return Data in Intents • Implicit intents can launch a variety of activities or services • Explicit intents explicitly launch one particular activity or serviceWednesday, March 20, 13 9
  10. 10. Intent Constructors Intent() Create an empty intent. Creates an Intent(String action) ‘implicit’ intent Create an intent with a given action. Intent(String action, Uri uri) Create an intent with a given action and for a given data url. Intent(Context packageContext, Class<?> cls) Create an intent for a specific component. Creates an ‘explicit’ intentWednesday, March 20, 13 10
  11. 11. Implicit Intent Intent(String action, Uri uri) The primary pieces of information in an intent are: • action -- The general action to be performed, such as ACTION_VIEW, ACTION_EDIT, ACTION_MAIN, etc. • data -- The data to operate on, such as a person record in the contacts database, expressed as a Uri.Wednesday, March 20, 13 11
  12. 12. Examples:• ACTION_VIEW content://contacts/people/1 -- Display information about the person whose identifier is "1".• ACTION_DIAL content://contacts/people/1 -- Display the phone dialer with the person filled in.• ACTION_VIEW tel:123 -- Display the phone dialer with the given number filled in. Note how the VIEW action does what what is considered the most reasonable thing for a particular URI.• ACTION_DIAL tel:123 -- Display the phone dialer with the given number filled in.• ACTION_EDIT content://contacts/people/1 -- Edit information about the person whose identifier is "1".• ACTION_VIEW content://contacts/people/ -- Display a list of people, which the user can browse through. This example is a typical top-level entry into the Contacts application, showing you the list of people. Selecting a particular person to view would result in a new intent {ACTION_VIEW content://contacts/N } being used to start an activity to display that person. http://developer.android.com/reference/android/content/Intent.htmlWednesday, March 20, 13 12
  13. 13. Explicit Intent Intent(Context packageContext, Class<?> cls) The primary pieces of information in an intent are: Context -- package context where the class you wish to invoke resides Class -- name of the classWednesday, March 20, 13 13
  14. 14. Additional attributes • category -- Gives additional information about the action to execute. • type -- Specifies an explicit type (a MIME type) of the intent data. • component -- Specifies an explicit name of a component class to use for the intent. • extras -- This is a Bundle of any additional informationWednesday, March 20, 13 14
  15. 15. EasyActivity.java Example: Explicit Intent Activity Launched Intra-App Context intent = new Intent(this, com.chaski.mobilemarchexample.EasyActivity.class); startActivity(intent); Class Implementing ActivityWednesday, March 20, 13 15
  16. 16. Example: Activity launched, now launch a service!Explicit IntentService LaunchedIntra-App @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.easy_layout); Intent intent = new Intent(this, com.chaski.mobilemarchexample.EasyService.class); intent.putExtra("messenger", messenger); startService(intent); } messenger See EasyActivity.javaWednesday, March 20, 13 16
  17. 17. Inside the Service (EasyService.java) @Override public int onStartCommand(Intent intent, int flags, int startId) { Messenger messenger = intent.getParcelableExtra("messenger"); MyRunnable mr = new MyRunnable(messenger); Thread t = new Thread(mr); grab messenger t.start(); return Service.START_STICKY; } .... Message message = Message.obtain(null, 1, 0, 0); try { Bundle data = new Bundle(); data.putString("mystring", "myvalue:"+i); within myRunnable message.setData(data); messenger.send(message); } catch (RemoteException e) { } ...Wednesday, March 20, 13 17
  18. 18. Activity Handlerpackagpublic class EasyActivity extends Activity { MyHandler handler = new MyHandler(); Messenger messenger = new Messenger(handler); ....... class MyHandler extends Handler { @Override public void handleMessage(Message msg) { switch (msg.what) { case 1: String mydata = msg.getData().getString("mystring"); Toast.makeText(getApplicationContext(), "Got Message:"+mydata, Toast.LENGTH_SHORT).show(); break; case 2: Toast.makeText(getApplicationContext(), "EasyService has ended", Toast.LENGTH_SHORT).show(); default: super.handleMessage(msg); } } }} See EasyActivity.java Wednesday, March 20, 13 18
  19. 19. So far • 2 Examples • Launch activity with explicit intent and no expectation of returned data • Launch service with explicit intent with expectation of data passed via messenger/handlerWednesday, March 20, 13 19
  20. 20. Next example • startActivityForResult - Expect a result from the calling activity • new activity registers for broadcast receiver • new activity starts a service • service finishes, sends message via broadcast • Activity finishes and returns resultWednesday, March 20, 13 20
  21. 21. Example 3: Explicit Intent Activity Launched Intra-App intent = new Intent(this, com.chaski.mobilemarchexample.TrivialActivity.class); startActivityForResult(intent,72); requestCode @Override protected void onActivityResult(int requestCode, int resultCode, Intent data) { String retData = data.getStringExtra("result"); String giantToastString = "onActivityResult-requestCode:"+requestCode+ " " +"onActivityResult-resultCode:"+resultCode+" "+"returnedData:"+retData; Toast.makeText(this, giantToastString,Toast.LENGTH_SHORT).show(); ... } MainActivity.javaWednesday, March 20, 13 21
  22. 22. *You can do the same thing with a service *It takes a couple Extra Steps though *See simpleActivity.java/simpleService.javaWednesday, March 20, 13 22
  23. 23. @Override TrivialActivity.javapublic void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.trivial_layout); receiver = new ResponseReceiver(); registerReceiver(receiver, new IntentFilter("com.chaski.mobilemarchexample.TrivialActivity.broadcast.update")); Intent intent = new Intent(this,com.chaski.mobilemarchexample.TrivialService.class); this.startService(intent);} TrivialService will communication through a BroadcastReceiverclass ResponseReceiver extends BroadcastReceiver { @Override public void onReceive(Context context, Intent intent) { Toast.makeText(getApplicationContext(), "TrivialService has ended", Toast.LENGTH_SHORT).show(); } } Or use a BroadcastReceiverWednesday, March 20, 13 23
  24. 24. Response via Broadcast @Override public int onStartCommand(Intent intent, int flags, int startId) { MyRunnable mr = new MyRunnable(); Thread t = new Thread(mr); t.start(); return Service.START_STICKY; } ... public void SendBroadcast(Boolean result, String Msg) { Intent i = new Intent(); i.setAction("com.chaski.mobilemarchexample.TrivialActivity.broadcast.update"); i.putExtra("result", result); i.putExtra("message", Msg); this.sendBroadcast(i); } TrivialService.javaWednesday, March 20, 13 24
  25. 25. Bound and Determined Bound Service • The server in a client-server interface. • Allows components to send requests and receive responses • Typically does not run in the background indefinitelyWednesday, March 20, 13 25
  26. 26. Bound Services • A bound service allows other applications to bind to..to interact with it. • You must implement the onBind()callback • This method returns an IBinder object that defines the programming interface that clients can use to interact with the service.Wednesday, March 20, 13 26
  27. 27. Bound Services • We can use messages as before • We can invoke functions directlyWednesday, March 20, 13 27
  28. 28. Step 1- Make Service final Messenger myMessenger = new Messenger(new MessageHandler()); @Override public IBinder onBind(Intent intent) { Communicating via a messenger return myMessenger.getBinder(); } See BoundMessageService.java public class LocalBoundServiceBinder extends Binder { LocalBoundService getService() { return LocalBoundService.this; } You } Communicating via local methods need a @Override public IBinder onBind(Intent intent) { binder! return binder; See LocalBoundService.java }Wednesday, March 20, 13 28
  29. 29. Make a connection, Start the service! localBoundServiceConnection = new LocalBoundServiceConnection(); intent = new Intent(this, com.chaski.mobilemarchexample.LocalBoundService.class); boundServiceBound = bindService(intent, localBoundServiceConnection, Context.BIND_AUTO_CREATE); class BoundMessageServiceConnection implements ServiceConnection { public void onServiceDisconnected(ComponentName name) { Log.i(TAG, "Service Disconnected"); } public void onServiceConnected(ComponentName name, IBinder service) { messageBinder = (IBinder) service; myMessenger = new Messenger(service); } BoundActivity.java };Wednesday, March 20, 13 29
  30. 30. Use the service localBoundService.getRandomNumber(); BoundActivity.java /** method for clients */ public int getRandomNumber() { return mGenerator.nextInt(100); } BoundService.javaWednesday, March 20, 13 30
  31. 31. AIDL • Previous examples work well for services local to application. • If you want to expose a service for other applications, you need an AIDL file. package com.chaski.mobilemarchexample; interface AIDLServiceaidl { Looks just like an interface file! int add(in int value1, in int value2, out int[] value3); } AIDLServiceaidl.aidlWednesday, March 20, 13 31
  32. 32. class AidlServiceConnection implements ServiceConnection { public void onServiceConnected(ComponentName name, IBinder boundService) { service = AIDLServiceaidl.Stub.asInterface((IBinder) boundService); Log.i(TAG, "onServiceConnected() connected"); } public void onServiceDisconnected(ComponentName name) { service = null; Log.i(TAG, "onServiceDisconnected() disconnected"); } } Connection looks nearly the sameWednesday, March 20, 13 32
  33. 33. AIDL Use is almost the same int res = 0; int[] value3 = new int[3]; try { res = service.add(1, 2, value3); } catch (RemoteException e) { // TODO Auto-generated catch block e.printStackTrace(); } See AidlActivity.java Note: parameters can be used to pass data backWednesday, March 20, 13 33
  34. 34. What about implicit intents, leveraging other peoples applications and reducing developer burden?Wednesday, March 20, 13 34
  35. 35. Lights Camera Action! Action intent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); startActivityForResult(intent, 987654321); Request Code protected void onActivityResult(int requestCode, int resultCode, Intent intent) { if (requestCode == 987654321) { Bundle extras = intent.getExtras(); Bitmap bitmap = (Bitmap) extras.get("data"); } }Wednesday, March 20, 13 35
  36. 36. Implicit via category intent = new Intent(); intent.setAction(Intent.ACTION_MAIN); intent.addCategory(Intent.CATEGORY_APP_EMAIL); * In this example, we want an application that can handle email. We don’t care which one.Wednesday, March 20, 13 36
  37. 37. Implicit Intents • Work from intent filters • You can define your ownWednesday, March 20, 13 37
  38. 38. Example Implicit via custom category intent = new Intent(); intent.setAction(Intent.ACTION_MAIN); intent.addCategory("jeb"); * category is custom, named jeb! * Application that handles “jeb” needs this intent-filter in the manifest You always need a default <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.DEFAULT"/> <category android:name="jeb"/> </intent-filter>Wednesday, March 20, 13 38
  39. 39. Example Implicit Intent via URI Data Uri uri = Uri.parse("imdb:///find?q=godfather"); intent = new Intent(android.content.Intent.ACTION_VIEW, uri); startActivity(intent); ActionWednesday, March 20, 13 39
  40. 40. Example Implicit Intent via Custom URI <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <data android:scheme="ted"/> </intent-filter> Our Custom URI Intent sender code: Uri uri = Uri.parse("ted:"); intent = new Intent(android.content.Intent.ACTION_VIEW, uri); startActivity(intent);Wednesday, March 20, 13 40
  41. 41. <activity android:name=".MainActivity" android:label="@string/title_activity_main" android:exported="true"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> <intent-filter> <action android:name="com.chaski.ButtonCatcher.catch" /> <category android:name="android.intent.category.DEFAULT" /> </intent-filter> Intent <intent-filter> <action android:name="android.intent.action.MAIN" /> filters are <category android:name="android.intent.category.DEFAULT"/> <category android:name="android.intent.category.APP_EMAIL"/> </intent-filter> loaded into <intent-filter> Manifest <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.DEFAULT"/> <category android:name="jeb"/> </intent-filter> <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> Custom Intents <data android:scheme="ted"/> </intent-filter> </activity>Wednesday, March 20, 13 41
  42. 42. UR’all that… and more! iOS Inter-App Communication • Launching apps automatically via URLs • Providing services from your app • Sending values and returning results • Standardizing interfaces with x-callback-urlWednesday, March 20, 13 42
  43. 43. “Launching” Apps Manually • “Launching” from user context • App startup after install, power-up, kill, jettison, crash • Returning from background • Spring board (a.k.a Home Screen) • Tap app icon • Dock, Folders & Multitasking Bar • “Search iPhone” • Siri • Hold Home button and say app nameWednesday, March 20, 13 43
  44. 44. Launching Apps Automatically • URL schemes • E.g.,http://www.w3schools.com/ fb://friends • Document/file type support • Local notifications • Push notificationsWednesday, March 20, 13 44
  45. 45. Data Sharing via Network • Cloud service • E.g., Facebook, DropBox, proprietary • Allows non-iOS device and browser access • iCloud • Game Center • Push notificationsWednesday, March 20, 13 45
  46. 46. Data Sharing on Device • URL parameters • E.g.,http://maps.apple.com/?daddr=San+Francisco, +CA&saddr=cupertino • Keychain Services • Document/file type support • Pasteboards • Core Audio • Core MIDIWednesday, March 20, 13 46
  47. 47. Apple URL Schemes Safari http://www.yahoo.com https://www.wellsfargo.com Mail mailto:frank@wwdcdemo.example.com Phone tel:1-408-555-5555 Text sms:1-408-555-1212 Maps http://maps.apple.com/?daddr=San+Francisco, +CA&saddr=cupertino YouTube http://www.youtube.com/watch?v=2DSrJXQV9Og iTunes http://phobos.apple.com/WebObjects/MZStore.woa/wa/ viewAlbum?i=156093464&id=156093462&s=143441Wednesday, March 20, 13 47
  48. 48. In-App Services Native API Safari UIWebView Mail MFMailComposeViewController Phone Text MFMessageComposeViewController Map MKMapView YouTube UIWebView iTunesWednesday, March 20, 13 48
  49. 49. Launching App via HTML Link • HTML links <a href="tel:1-408-555-5555">Call your representative</a> • Safari and Email apps • UIWebViewWednesday, March 20, 13 49
  50. 50. Link Auto-Detection • Auto-detection of link-like text within HTML • Telephone numbers • URLs • Parse-able strings containing “://” • Missing “http://” prefixWednesday, March 20, 13 50
  51. 51. Launching app via Native API • Objective-C API UIApplication -canOpenURL: UIApplication -openURL: • Example NSURL *url = [NSURL URLWithString:@"tel:1-408-555-5555"]; if([[UIApplication sharedApplication] canOpenURL:url]) { [[UIApplication sharedApplication] openURL:url]; }Wednesday, March 20, 13 51
  52. 52. Custom URL Schemes • Not cutting edge, but not always well-executed • Many apps provide a “noun” to launch them yelp4:// flixter:// angrybirds-free:// angrybirds-hd-free:// • Fewer apps provide “verbs” to control them yelp:///search?terms=bars&location=sfWednesday, March 20, 13 52
  53. 53. Custom URL Scheme Example googlechrome: Launches Chrome app Opens new tab and navigates to googlechrome://www.yahoo.com http://www.yahoo.com googlechromes://www.wellsfargo.com Similar to https: googlechrome-x-callback://x-callback- url/open? x-success=myscheme%3A%2F%2F& Specifies display name and scheme of app for return x-source=MyApp& url=http%3A%2F%2Fwww.yahoo.comWednesday, March 20, 13 53
  54. 54. Discovering Schemes • iHasApp open source framework • Correlates Schemes and app IDs • schemeApps.json { ... "googlechrome": [535886823], "googlechromes": [535886823], "googledrive": [507874739], "googlegmail": [422689480], ... "yelp4.2": [284910350], "yelp4.4": [284910350], ... }Wednesday, March 20, 13 54
  55. 55. App IDs • iTunes Preview https://itunes.apple.com/us/app/chrome/id535886823?mt=8 • Look up http://itunes.apple.com/lookup?id=535886823 Returns JSON "trackId":535886823, "trackName":"Chrome" "artworkUrl60":"http://a1619.phobos.apple.com/us/r1000/064/ Purple2/v4/96/8d/ce/968dcef9-32d8-bf0b-2e86-a1c0e75c61af/ Icon.png",Wednesday, March 20, 13 55
  56. 56. Scheme “Actions” • handleOpenURL website • Search scheme index skype:thurston.howell.iii?call skype://lovey?chatWednesday, March 20, 13 56
  57. 57. Schemes to the Extreme • akosma software web page • URL encoding tips CFURLCreateStringByAddingPercentEscapes() preferred over NSString -stringByAddingPercentEscapesUsingEncoding: • Undocumented(?) Apple URL schemes • Google Maps, Music,Videos, App Store, iBooks, iBooks Store, Podcasts • Safer: comgooglemaps:// • Objective-C code examplesWednesday, March 20, 13 57
  58. 58. “App Launcher” Apps • Launch Center Pro • Simple Launcher • Launch+ • Simple Phone Launcher • Quickpick • Swipemint • Launcher • Speed U • App GateWednesday, March 20, 13 58
  59. 59. "App Launcher" Typical Features • Pre-canned schemes & • Access to non-scheme actions iOS features • Detection of installed apps • Scheduled notifications • Links to App Store • Organize favorites • Custom URLs • Icon management • Clipboard or user prompt • Download new URLs • In app for iOS features • Uni-directional; no returnWednesday, March 20, 13 59
  60. 60. Your very own URL scheme • Choosing a “unique” scheme name • No official master list beyond IANA • Priority among conflicts undefined • Cannot override Apple schemes • “googlechrome:” instead of “chrome:” • Search unofficial sources and “advertise” your own scheme!Wednesday, March 20, 13 60
  61. 61. Registering Scheme with iOS • E.g., myApp-Info.plist <key>CFBundleURLTypes</key> <array> ! <dict> ! ! <key>CFBundleURLName</key> ! ! <string>com.mydomain.myapp</string> ! ! <key>CFBundleURLSchemes</key> ! ! <array> ! ! ! <string>myscheme</string> ! ! </array> ! </dict> </array>Wednesday, March 20, 13 61
  62. 62. Handling Received URL • Delegate callback API UIApplicationDelegate - application:openURL:sourceApplication:annotation: • Example - (BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation { NSLog(@"%@", [url absoluteString]); return YES; }Wednesday, March 20, 13 62
  63. 63. “Parsing” the URL • Call component methods on(NSURL *)url [url scheme] NSString *theScheme = [url scheme] [url user] " [url password] " [url host] [url port] NSNumber *thePort = [url port] [url path] [url parameterString] [url query] [url fragment]Wednesday, March 20, 13 63
  64. 64. App Startup • A.k.a. “launching” vs. returning from background • Delegate callback API UIApplicationDelegate -application:didFinishLaunchingWithOptions: • Example - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { NSURL *url = [launchOptions valueForKey:UIApplicationLaunchOptionsURLKey]; NSLog(@"%@", [url absoluteString]); return YES; // Allow openURL to run }Wednesday, March 20, 13 64
  65. 65. Smart App Banners • Displays promotional banner on web page <meta name="apple-itunes-app" content="app-id=myAppStoreID, affiliate-data=myAffiliateData, app-argument=myURL"> Offers to take user to App or App Store as appropriate • E.g., “LinkedIn Connections” email on iPhone • Tapping button opens Safari “Sign in” page • If LinkedIn app is installed, banner appears offering to “OPEN” it • Tapping OPEN opens appWednesday, March 20, 13 65
  66. 66. Return to Sender • Facebook scheme format: fb<ID>: E.g. , fb165260790249214: • Google Chrome (as seen earlier) googlechrome-x-callback://x-callback-url/ • Terminology thesaurus lookup & selection terminology://x-callback-url/Wednesday, March 20, 13 66
  67. 67. x-callback-url • Encourages services that perform and return • Standardizes service API structure • Format and URL encoding • Inter-App Communication (IAC) • Taps & Swipes open source frameworkWednesday, March 20, 13 67
  68. 68. How it Works • App “launch” via URL scheme used for both directions • Server defines well-known scheme and service • Client specifies return scheme & delegates Client Server Need It theserverscheme:...?aclientscheme:...aclienttarget... Doing It aclientscheme:.../aclienttarget?theserverparameters Got ItWednesday, March 20, 13 68
  69. 69. Service API Structure [scheme]://[host]/[action]?[x-callback parameters]&[action parameters] • host x-callback-url • x-callback query parameters • App display name x-source • Success delegate x-success • Error delegate x-error • Cancel delegate x-cancelWednesday, March 20, 13 69
  70. 70. Terminology App • Legacy lookup terminology://heavy • Modern, but no return requested terminology://x-callback-url/lookup?text=heavyWednesday, March 20, 13 70
  71. 71. Terminology Return Result • Request return (unencoded) terminology://x-callback-url/replace? x-success=myscheme://x-callback-url/myReturnAction& x-source=MyAppName& text=heavy • Return Result myscheme://x-callback-url/myReturnAction? text=heavy& replaceWith=dense&Wednesday, March 20, 13 71
  72. 72. URL Encoding • Basic URL encoding terminology://x-callback-url/lookup?text=heavy%20metal • URL query parameters specify URLs terminology://x-callback-url/replace? x-success=myscheme://x-callback-url/myReturnAction& x-source=MyAppName& text=heavy • Must encode these nested URLs terminology://x-callback-url/replace? x-success=myscheme%3A%2F%2Fx-callback-url%2FmyReturnAction& x-source=MyAppName& text=heavyWednesday, March 20, 13 72
  73. 73. Demo • XCallbackURL open source test app Replace “Heavy” Replace with “Dense”Wednesday, March 20, 13 73
  74. 74. Just when your ‘intent’ was to go back into the water!Wednesday, March 20, 13 74
  75. 75. Intent-Based Attacks • Unauthorized Intent Receipt • Broadcast Theft • Activity Hijacking • Service Hijacking • Intent Spoofing • Malicious Broadcast InjectionWednesday, March 20, 13 75
  76. 76. Unauthorized Intent Reception • Broadcast Theft • Eavesdropper can silently read contents of a broadcast without interrupting broadcast • Attacker could launch denial of service or data injection attack • Ordered Broadcasts can be subject toWednesday, March 20, 13 76
  77. 77. Intent Spoofing • Malicious Broadcast Injection • Malicious Activity Launch • Malicious Service LaunchWednesday, March 20, 13 77
  78. 78. How hard is this? • apktool • https://code.google.com/p/android- apktool/ • dare • http://siis.cse.psu.edu/dare/index.htmlWednesday, March 20, 13 78
  79. 79. How hard?•Get apktool.jar •https://code.google.com/p/android-apktool/•Get your apk files•java -r apktool.jardecode ..Wednesday, March 20, 13 79
  80. 80. Look at that! Our manifest, our resources. Oh the humanity! TextWednesday, March 20, 13 80
  81. 81. Security • Don’t mess with peoples data if you don’t have to. • When sending private data, use explicit intents • Internal Intents should always be explicit! • Strong permissions be used. As strong as possible. • Review signature permissionsWednesday, March 20, 13 81
  82. 82. iOS Scheme Security • URLs inherently insecure • No HTTPS equivalentWednesday, March 20, 13 82
  83. 83. Hacking URL schemes • iOS handling of duplicates • Masquerading as client • Masquerading as server • Misrouting callbacks • Discovering schemes • Discovering apps • Non-App Store hacking toolsWednesday, March 20, 13 83
  84. 84. What can be done? • Encrypt URL after scheme: (or schemes:// ?) • Shared secret • Public key cryptography • Encrypted data must be “URL parseable” by iOS and URL encoded • Send encrypted data out of band • E.g., iOS Keychain Services • Shared keychainWednesday, March 20, 13 84
  85. 85. Keychain Services • Create Entitlements.plist • Add keychain-access-group • ANSI C API CFDictionaryRef bridged from NSMutableDictionary OSStatus SecItemAdd(CFDictionaryRef attributes, CFTypeRef *result) OSStatus SecItemCopyMatching(CFDictionaryRef query, CFTypeRef *result)Wednesday, March 20, 13 85
  86. 86. I have just one question... Huh?Wednesday, March 20, 13 86
  87. 87. Thank you! On the Android banjo and security On the iOS banjo and network mandolin: protocol fiddle: Michael Dorin Dan Ratcliff dorinmike@gmail.com dan_ratcliff@yahoo.com www.linkedin.com/in/michaeldorin http://www.linkedin.com/in/danratcliffWednesday, March 20, 13 87
  88. 88. Sources • Stackoverflow • http://stackoverflow.com • Android Developers Guide • http://developer.android.com/guide • Intent and Intent Filters, by Sang Shin and Michèle Garoche • http://documents.cofares.net/miroires/AndroidPourValeurC/8-android_intent.pdf • Systems and Internet Infrastructure Security, Dare • http://siis.cse.psu.edu/dare/installation.html • Analyzing Inter-Application Communication in Android • http://www.cs.berkeley.edu/~afelt/intentsecurity-mobisys.pdfWednesday, March 20, 13 88
  89. 89. Sources • Apple URL Scheme Reference • http://developer.apple.com/library/ios/#featuredarticles/ iPhoneURLScheme_Reference/Introduction/Introduction.html%23//apple_ref/doc/uid/ TP40007891-SW1 • Communicating with Other Apps • http://developer.apple.com/library/ios/#documentation/iphone/conceptual/ iphoneosprogrammingguide/AdvancedAppTricks/AdvancedAppTricks.html • iPhone Apps | Yelp for Developers • http://www.yelp.com/developers/documentation/iphone • Opening Links in Chrome for iOS • https://developers.google.com/chrome/mobile/docs/ios-linksWednesday, March 20, 13 89
  90. 90. Sources • iHasApp - Installed App Detection • http://www.ihasapp.com • handleOpenURL: Shared App Communication on iOS • http://handleopenurl.com • Skype URI Handler • http://dev.skype.com/desktop-api-reference#URI • IPhone URL Schemes - akosma wiki • http://wiki.akosma.com/IPhone_URL_Schemes • Googles New iOS Maps App and URL Scheme • http://www.pureoxygenmobile.com/googles-new-maps-ios-app-and-url-scheme/Wednesday, March 20, 13 90
  91. 91. Sources • Launch Center Pro • https://itunes.apple.com/us/app/launch-center-pro/id532016360?mt=8 • Launch+ • https://itunes.apple.com/us/app/launch+/id500606931?mt=8 • Quickpick • http://www.neoos.ch/https://itunes.apple.com/us/app/id483079724/quickpick • Launcher • https://itunes.apple.com/us/app/launcher-quick-actions-shortcuts!/id511645204? mt=8 • Speed U • https://itunes.apple.com/us/app/speed-u/id510914771?mt=8Wednesday, March 20, 13 91
  92. 92. Sources • App Gate • https://itunes.apple.com/us/app/app-gate./id566901497?mt=8 • Simple Launcher • https://itunes.apple.com/us/app/simple-launcher-for-ipad-launch/id467950393? mt=8&ign-mpt=uo%3D2 • Simple Phone Launcher • https://itunes.apple.com/hk/app/simple-phone-launcher-launch/id430233514?mt=8 • Swipemint • https://itunes.apple.com/us/app/swipemint-fastest-simple-launcher/id540044893? mt=8 • URI Scheme •Wednesday, March 20, 13 http://en.wikipedia.org/wiki/URI_scheme 92
  93. 93. Sources • Promoting Apps with Smart App Banners • http://developer.apple.com/library/ios/#documentation/AppleApplications/ Reference/SafariWebContent/PromotingAppswithAppBanners/ PromotingAppswithAppBanners.html • Share an App ID Across Apps - Facebook Developers • http://developers.facebook.com/docs/howtos/share-appid-across-multiple-apps-ios- sdk/ • Terminology Developers - Agile Tortoise • http://agiletortoise.com/terminology-developers/ • Opening Links in Chrome for iOS • https://developers.google.com/chrome/mobile/docs/ios-linksWednesday, March 20, 13 93
  94. 94. Sources • x-callback-url • http://x-callback-url.com • tapsandswipes/InterAppCommunication - GitHub • https://github.com/tapsandswipes/InterAppCommunication • Taps and Swipes • http://tapsandswipes.com • Terminology • https://itunes.apple.com/us/app/terminology/id380288546?mt=8 • agiletortoise/XCallbackURL - GitHub • https://github.com/agiletortoise/XCallbackURLWednesday, March 20, 13 94
  95. 95. Sources • iOS Keychain: Sharing data between apps • http://shaune.com.au/ios-keychain-sharing-data-between-apps/ • Keychain Services Programming Guide • https://developer.apple.com/library/ios/#documentation/security/conceptual/ keychainServConcepts/iPhoneTasks/iPhoneTasks.html%23//apple_ref/doc/uid/ TP30000897-CH208-SW1 • Audiobus • http://audiob.us • Dueling Banjos • http://www.youtube.com/watch?v=Vj9ghC2SgbYWednesday, March 20, 13 95
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×