Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Are Universal Links cached in iOS? Do they work offline?

Tags:

security

ios

https

ios-universal-links

applinks

I tested Universal Links in iOS by turning on Airplane mode and saw that the correct application was opened (instead of a website)

This indicates some level of "caching" the apple-app-site-association.

I want to determine the extent to which this is cached, so I can determine

  • What UX edge cases are there (e.g. Offline for x days)
  • What security considerations are there (e.g. MITM / SSLStrip + .well-known/URL)

etc.

Ideally I would like to have details if additional logic is employed (conditional caching if HTTPS employed, DNSSec, etc)

like image 523
makerofthings7 Avatar asked Dec 23 '16 17:12

makerofthings7

People also ask

How do universal links work iOS?

Universal links are available in iOS version 9 and above, and work even when the app isn't installed on a user's device. When tapping a link to your website without the app installed, the user will then be linked to your website in Safari. So, both your website and your app work for one URL.

Are universal links secure?

Specifically, universal links are: Unique. Unlike custom URL schemes, universal links can't be claimed by other apps, because they use standard HTTP or HTTPS links to your website. Secure.

Is Apple App site Association cached?

The apple-app-site-association file is cached once when the app is first installed. If this initial scrape fails, in almost all situations it will not be reattempted. The only exception to this is if the initial return is a 5xx error, in which case a limited number of retries may occur.

How do I test a universal link?

TEST THE UNIVERSAL LINKS Run the application on the simulator once to make sure the application is installed and running fine. 2. Keep the same simulator launched and running. Go to your simulator browser and open type the ngrok domain address i.e., https://1bd39880fbad.ngrok.io in my case.

1 Answers

The exact behavior here is (intentionally?) unclear from Apple. Here is my personal experience, gleaned partly from official documentation and partly from helping thousands of apps implement Universal Links at Branch.io.

  • The apple-app-site-association file is cached once when the app is first installed.
  • If this initial scrape fails, in almost all situations it will not be reattempted. The only exception to this is if the initial return is a 5xx error, in which case a limited number of retries may occur. This is not well-documented, and is not covered in Universal Links documentation at all. You can find a mention in the Shared Web Credentials docs.
  • The file is not checked at all when a Universal Link is opened. This is why you are able to get Universal Links behavior in airplane mode.
  • The file does not expire. Once it is cached, it sticks permanently for as long as the app is installed.
  • The file will be re-checked when installing an app update.
  • The file must be accessible via a valid SSL connection at either https://example.com/apple-app-site-association or https://example.com/.well-known/apple-app-site-association. If there are redirects of any kind, this will fail.
  • It is theoretically possible to MITM the request if you are able to install a new SSL certificate directly on the device in question. Charles Proxy for example uses this approach for debugging. I have never seen or heard of this being exploited, and the damage would be quite limited because the domain still has to be specified inside the app itself.
like image 53
Alex Bauer Avatar answered Sep 22 '22 21:09

Alex Bauer
Sign in to Comment

Related questions

duplicate symbols for architecture i386 [closed]
iOS: Simultaneous scale and 3D rotation animation
Xcode 4 and Interface Builder: Editing Vertical Spacing Constraint (Anchor Top, not Bottom)
Center coordinate of a set of CLLocationsCoordinate2D
How to display NSData with PDF content in iOS UIWebView?
Simple Sprite Kit Scene setup going wrong
cannot set background color of UITableViewCell in iOS6?
iOS 7 disable the swipe back
Warning about assigning to id<UITextFieldDelegate> when I'm conforming to the protocol
iPhone 3.5 Inch screen - 4 inch screen:
Embedding TableView in TableViewController into another view
Typewriter effect text animation
NSInvalidArgumentException reason: 'Storyboard doesn't contain a view controller with identifier 'CenterViewController''
Faster way to load image from an URL to image view in table view cell
swift pull to refresh
RealmSwift: Detach an object from Realm, including its properties of List type
How to change detail View in splitViewController programatically in Swift
Multiple CGAffineTransforms in Swift 3
Swift : How $0 works in Array.forEach?
How to calculate TextView height base on text

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!