8000 Mobile application is susceptible to URI scheme hijacking, because Universal Links and App Links features are not used · Issue #1899 · LiskHQ/lisk-mobile · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Mobile application is susceptible to URI scheme hijacking, because Universal Links and App Links features are not used #1899

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

8000 Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Tracked by #1368
Balanced02 opened this issue Jul 3, 2023 · 0 comments
Closed
Tracked by #1368

Mobile application is susceptible to URI scheme hijacking, because Universal Links and App Links features are not used #1899

Balanced02 opened this issue Jul 3, 2023 · 0 comments
Labels
type: security
Milestone
Sprint 68

Comments

@Balanced02
Copy link
Contributor

Description

The lisk-mobile app defines the a URI scheme for receiving messages from other apps on the device. URI schemes can be hijacked by another app if the malicious app registers the same scheme and is also installed on the device. Consequently, a rogue app could receive messages sent via URI schemes intended for lisk-mobile.
More secure linking features are Universal Links and App Links (for iOS and Android applications respectively). These links are bound to a web domain, making it impossible for a malicious application to register a domain that belongs to other applications.

Motivation

Mobile application is susceptible to URI scheme hijacking, because Universal Links and App Links features are not used

Additional Information

remove support for custom URL schemes and support only Universal Links and App Links. Implement procedures for proving ownership of the domain used for linking, and for keeping the domain available (ie, preventing domain hijacking attacks).
@sridharmeganathan sridharmeganathan added this to the Sprint 67 milestone Jul 3, 2023
@sridharmeganathan sridharmeganathan mentioned this issue Jul 4, 2023
Closed
97 tasks
@ManuGowda ManuGowda changed the title Implement Universal Links and App Links features Mobile application is susceptible to URI scheme hijacking, because Universal Links and App Links features are not used Jul 20, 2023
@Balanced02 Balanced02 mentioned this issue Jul 20, 2023
Merged
2 tasks
@github-project-automation github-project-automation bot moved this from Backlog to Done in Lisk Mobile Version 3.0.0 Jul 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: security
Projects
No open projects
Lisk Mobile Version 3.0.0
Status: Done
Milestone
Sprint 68
Development

When branches are created from issues, their pull requests are automatically linked.

1899-implement-universal-links-and-app-links-features LiskHQ/lisk-mobile
2 participants
@Balanced02 @sridharmeganathan
0