apple-app-site-association with the details. This file then needs to be hosted in the root directory of your webserver (e.g. https://google.com/apple-app-site-association). For the pentester this file is very interesting as it discloses paths. It can even disclose paths of releases that haven't been published yet.
.entitlements file looking for com.apple.developer.associated-domains. Each of the domains must be prefixed with applinks:, such as
apple-app-site-association file from the server using the associated domains you got from the previous step. This file needs to be accessible via HTTPS, without any redirects, at
application:continueUserActivity:restorationHandler:. If you have the original project try searching for this method.
openURL:options:completionHandler: to open a universal link to the app's website, the link won't open in the app. As the call originates from the app, it won't be handled as a universal link.
NSUserActivity object with an
NSUserActivityTypeBrowsingWeb. The activity object’s webpageURL property contains the HTTP or HTTPS URL that the user accesses. The following example in Swift verifies exactly this before opening the URL:
NSURLComponents API can be used to parse and manipulate the components of the URL. This can also be part of the method application:continueUserActivity:restorationHandler: itself or might occur in a separate method called from it. The following example demonstrates this:
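Both checks described above (the activity type and webpageURL test, then component-level parsing of the URL) are combined in the following added example, which is not code from the original page. The host, the paths, the `id` parameter and the `show` helper are assumptions chosen for illustration.

```swift
import UIKit

// Added example. Host, paths and the "id" parameter are assumptions;
// use the domains from your own associated-domains entitlement.
let allowedHosts: Set<String> = ["www.example.com"]
let allowedPaths: Set<String> = ["/product", "/help"]

struct Route {
    let path: String
    let itemID: Int
}

// Parse the incoming URL with URLComponents (the Swift counterpart of
// NSURLComponents) and accept only what the app expects.
func validatedRoute(from url: URL) -> Route? {
    guard let parts = URLComponents(url: url, resolvingAgainstBaseURL: true),
          parts.scheme?.lowercased() == "https",
          parts.user == nil, parts.password == nil,
          let host = parts.host?.lowercased(), allowedHosts.contains(host),
          allowedPaths.contains(parts.path)
    else { return nil }

    // Query values come from whoever crafted the link: require exactly
    // one "id" item holding a positive integer, reject everything else.
    let ids = (parts.queryItems ?? []).filter { $0.name == "id" }
    guard ids.count == 1, let raw = ids[0].value,
          let id = Int(raw), id > 0
    else { return nil }
    return Route(path: parts.path, itemID: id)
}

class AppDelegate: UIResponder, UIApplicationDelegate {
    func application(_ application: UIApplication,
                     continue userActivity: NSUserActivity,
                     restorationHandler: @escaping ([UIUserActivityRestoring]?) -> Void) -> Bool {
        // Handle only web-browsing activities whose URL passes validation.
        guard userActivity.activityType == NSUserActivityTypeBrowsingWeb,
              let url = userActivity.webpageURL,
              let route = validatedRoute(from: url)
        else { return false }   // tell the system the app did not handle it

        show(route)
        return true
    }

    // Hypothetical navigation hook; a real app would present a view controller.
    func show(_ route: Route) {
        print("Routing to \(route.path) with item \(route.itemID)")
    }
}
```

Keeping the validation in a function that depends only on Foundation lets it be unit-tested without launching the app.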