Summary
The application fails to verify the sender of a URL-based Inter-Procedure Communication (IPC) call.
Explanation
When a third party application or webview uses a URL to communicate with your application, the receiving application should verify that the sender matches an allow list of applications that are expected to communicate with it. The receiving application has the option to verify the origin of the calling URL using the UIApplicationDelegate application:openURL:options: or UIApplicationDelegate application:openURL:sourceApplication:annotation: delegate methods. Best practices dictate that we should always verify the sender of an IPC call and check it against a list of expected origins as a security-in-depth control.
Summary The application fails to verify the sender of a URL-based Inter-Procedure Communication (IPC) call.
Explanation When a third party application or webview uses a URL to communicate with your application, the receiving application should verify that the sender matches an allow list of applications that are expected to communicate with it. The receiving application has the option to verify the origin of the calling URL using the UIApplicationDelegate application:openURL:options: or UIApplicationDelegate application:openURL:sourceApplication:annotation: delegate methods. Best practices dictate that we should always verify the sender of an IPC call and check it against a list of expected origins as a security-in-depth control.