iOS Security outline

Only a few pages into the iOS Security document released by Apple today, and already there’s a notable error.  It states:

Apps can’t share data directly with each other; sharing can be implemented only by both the receiving and sending apps using custom URL schemes, or through shared keychain access groups.

False, at least partially.  Apps can also share data without any real restrictions via pasteboards.  Unlike keychains, which can only be shared amongst apps from the same developer, pasteboards are accessible to any and all apps without any special privileges (or user notification).

Leave a Comment