quickstart-ios
Insecure IPC: Missing Sender Verification
Summary
The application fails to verify the sender of a URL-based inter-process communication (IPC) call.
Explanation
When a third-party application or web view uses a URL to communicate with your application, the receiving application should verify that the sender is on an allow list of applications that are expected to communicate with it. The receiving application can verify the origin of the calling URL in the UIApplicationDelegate application:openURL:options: or UIApplicationDelegate application:openURL:sourceApplication:annotation: delegate methods. As a best practice, always verify the sender of an IPC call and check it against a list of expected origins as a defense-in-depth control.
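One way to apply this check in application:openURL:options:, shown as an added Swift example that is not code from the original page or from the quickstart-ios project. The bundle IDs, the exampleapp scheme, the item route and the OpenItem notification name are assumptions made for illustration.

```swift
import UIKit

@main
class AppDelegate: UIResponder, UIApplicationDelegate {
    // Constructed allow list: bundle IDs expected to open this app's URLs.
    private let allowedSenders: Set<String> = ["com.example.companion",
                                               "com.example.widget"]
    // Hypothetical custom URL scheme registered by this app.
    private let expectedScheme = "exampleapp"

    func application(_ app: UIApplication, open url: URL,
                     options: [UIApplication.OpenURLOptionsKey: Any] = [:]) -> Bool {
        // Bundle ID of the calling app as reported by UIKit. The value can be
        // nil; an unknown sender is treated as untrusted (fail closed).
        let reported = options[.sourceApplication] as? String
        guard let sender = reported, allowedSenders.contains(sender) else {
            // Log the sender only; the URL itself may carry sensitive data.
            NSLog("Rejected URL open from sender: %@", reported ?? "<unknown>")
            return false
        }

        // The sender check is a defense-in-depth control, so the URL is still
        // validated strictly before anything acts on it.
        guard url.scheme?.lowercased() == expectedScheme,
              let parts = URLComponents(url: url, resolvingAgainstBaseURL: false),
              parts.host == "item",
              let id = parts.queryItems?.first(where: { $0.name == "id" })?.value,
              !id.isEmpty,
              id.allSatisfy({ $0.isASCII && $0.isNumber }) else {
            NSLog("Rejected malformed URL from sender: %@", sender)
            return false
        }

        // Hand the validated value to the rest of the app (hypothetical route).
        NotificationCenter.default.post(name: Notification.Name("OpenItem"),
                                        object: nil,
                                        userInfo: ["id": id, "sender": sender])
        return true
    }
}
```

Returning false for an unlisted or missing sender makes the handler fail closed, so a URL from an unexpected origin never reaches the routing code.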