Wednesday, July 22, 2015

iOS 9 to Block Abuses of -canOpenURL:

Juli Clover:

Currently, companies like Twitter and Facebook are able to see which apps you have downloaded on your iPhone or iPad, sometimes using that information to deliver targeted ads. In The Information’s example, Facebook and Twitter might use your app data to see that you have a lot of games downloaded, offering up an ad for a game you don't yet have installed.

Kurt Wagner (via Nick Heer):

Twitter announced on Wednesday that its advertisers can use that app information to target users with ads. Marketers will be able to see the different categories of apps you have downloaded onto your phone as well as how recently you downloaded them in order to understand what you’re interested in.

Greg Pierce:

The key bits regarding changes to URL schemes in iOS 9 is the Privacy and Your Apps session, starting at around the 9 minute mark under the heading “App Detection”.

There are two URL-related methods available to apps on iOS that are effected: canOpenURL and openURL. These are not new methods and the methods themselves are not changing. As you might expect from the names, “canOpenURL” returns a yes or no answer after checking if there is any apps installed on the device that know how to handle a given URL. “openURL” is used to actually launch the URL, which will typically leave the app and open the URL in another app.

Up until iOS 9, apps have been able to call these methods on any arbitrary URLs. Starting on iOS 9, apps will have to declare what URL schemes they would like to be able to check for and open in the configuration files of the app as it is submitted to Apple.


I have independent confirmation from several sources that these limitations are meant to only apply to “canOpenURL” and it is a bug that they are also effecting “openURL”. There are still implications, and many apps will need some updates, but that’s not so dramatic a change.


Even if that is the case, loss of the ability to call “canOpenURL” on arbitrary URLs will limit the user experience on many automation applications of URLs because an app has no way of testing if the URL can be opened successfully and will have to rely on the system to report errors.

Update (2015-07-22): Federico Viticci:

iOS 9 beta 4 has a new alert to confirm launching URL schemes for the first time. Choice is remembered later.

Update (2015-09-08): Keith Harrison:

With the schemes included in Info.plist everything works as before. When you link against iOS 9 you are not limited to 50 distinct schemes you just need to declare what you need in Info.plist. There seems to be no limit for how many schemes you can include but I would expect questions from the App Store review team if they think you are abusing the mechanism.

2 Comments RSS · Twitter

[…] Previously: iOS 9 to Block Abuses of -canOpenURL:. […]

[…] method “canOpenURL” to detect the presence of thousands of installed apps via custom schemes to serve targeted advertisements, later deemed a violation of privacy. In a similar way in-app browsers might also put too much […]

Leave a Comment