spotify / ios-sdk

Spotify SDK for iOS
https://developer.spotify.com/documentation/ios/

Session hijacking! 3rd party app intercepting my logins. #193

Open fotiDim opened 4 years ago

fotiDim commented 4 years ago

This is really frustrating. I got a report from a user that my app was presenting a black screen on login. After investigation it turned out that the user had an app called XM (https://apps.apple.com/us/app/xm-musi-simple-music-streaming/id1493317998) which was apparently intercepting Spotify URLs and presenting a black screen while it was at it.

As there is no way to prevent 3rd parties from declaring to be able to open Spotify URLs, my proposal to mitigate this is to switch to universal links. Currently the SDK uses the spotify-action://authorize custom scheme and this needs to change to an https scheme to prevent cases like this.

I would also like to highlight the security aspect of it as the URL that XM receives includes:

Essentially, XM (accidentally or not) is performing session hijacking and this shouldn't be allowed.
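As an added illustration of the mitigation proposed in this post (not code from the Spotify SDK or from the issue author), the snippet below shows the difference between the two callback mechanisms on iOS. A custom scheme such as `spotify-action://` can be declared by any installed app, so iOS may route the callback to a third party. A universal link is an ordinary `https://` URL on a domain the app proves it owns via an `apple-app-site-association` file and the `com.apple.developer.associated-domains` entitlement (`applinks:<domain>`), so only that app receives it. The host, path and AASA contents here are placeholders, not Spotify's real values; the hand-off to the SDK's session manager is left as an app-specific step.

```swift
import Foundation
import UIKit

// Placeholders (assumed, not Spotify's domain): the real values are whatever the
// app serves at https://<domain>/.well-known/apple-app-site-association, e.g.
//   { "applinks": { "details": [ { "appID": "TEAMID.com.example.app",
//                                   "paths": ["/callback"] } ] } }
let expectedCallbackHost = "auth.example.com"
let expectedCallbackPath = "/callback"

/// Returns the callback's query parameters only when `url` is an https URL on
/// the host and path this app has claimed as a universal link. Custom-scheme
/// URLs such as spotify-action://authorize are rejected: any installed app can
/// declare that scheme, which is how the interception described above happened.
func trustedCallbackParameters(from url: URL) -> [String: String]? {
    guard let components = URLComponents(url: url, resolvingAgainstBaseURL: false),
          components.scheme?.lowercased() == "https",
          components.host?.lowercased() == expectedCallbackHost,
          components.path == expectedCallbackPath else {
        return nil
    }
    var params: [String: String] = [:]
    for item in components.queryItems ?? [] {
        params[item.name] = item.value ?? ""
    }
    return params
}

final class AppDelegate: UIResponder, UIApplicationDelegate {
    // Universal links are delivered through NSUserActivity, not through
    // application(_:open:options:), which is the custom-scheme entry point.
    func application(_ application: UIApplication,
                     continue userActivity: NSUserActivity,
                     restorationHandler: @escaping ([UIUserActivityRestoring]?) -> Void) -> Bool {
        guard userActivity.activityType == NSUserActivityTypeBrowsingWeb,
              let url = userActivity.webpageURL,
              let params = trustedCallbackParameters(from: url) else {
            return false   // not our callback; leave it alone
        }
        // Hand the validated parameters (e.g. params["code"]) to the SDK's
        // session manager / token exchange; that call is app-specific (hypothetical here).
        _ = params
        return true
    }
}

// Constructed sample inputs (not taken from the page):
let customScheme = URL(string: "spotify-action://authorize?code=abc")!
let universalLink = URL(string: "https://auth.example.com/callback?code=abc&state=xyz")!
let wrongHost = URL(string: "https://evil.example.net/callback?code=abc")!
assert(trustedCallbackParameters(from: customScheme) == nil)
assert(trustedCallbackParameters(from: universalLink)?["code"] == "abc")
assert(trustedCallbackParameters(from: wrongHost) == nil)
```

The host and path check matters even with universal links: if the app's AASA file claims a broad path pattern, an unrelated page on the same domain could still reach the handler, so the handler should only accept the exact callback location it expects and return `false` for everything else.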

kkarayannis commented 4 years ago

Thanks for reporting this. That app seems to have been taken down but we will switch to universal links to prevent cases like this in the future.

arielsegura commented 1 month ago

@kkarayannis have you migrated to universal links?