{
	"id": "08e89686-f4e2-42f3-8c84-389da0b54d89",
	"created_at": "2026-04-06T00:17:25.392454Z",
	"updated_at": "2026-04-10T13:12:12.296055Z",
	"deleted_at": null,
	"sha1_hash": "a5f092361f63b12dae9d15ea5aee66367a0084f9",
	"title": "Index -",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45216,
	"plain_text": "Index -\r\nArchived: 2026-04-05 17:07:52 UTC\r\niOS URL Scheme Hijacking\r\nDescription\r\nThe application can register URI schemes to handle actions like single-sign-on, deep application linking or to\r\nperform cross-application communication.\r\nA malicious application can register a URI already in use by a genuine application and be able to intercept data\r\nintended for it, which can contain sensitive information like OAuth authorization codes or tokens.\r\nRecommendation\r\nTo mitigate risk of URL scheme hijacking on iOS, it is recommended to use iOS universal links.\r\nUniversal links prevent malicious application interception through a vetting process using standard web links\r\n(HTTP/HTTPS).\r\nFor instance, the Telegram app supports both custom URL schemes and universal links:\r\ntg://resolve?domain=fridadotre is a custom URL scheme and uses the tg:// scheme.\r\nhttps://telegram.me/fridadotre is a universal link and uses the https:// scheme.\r\nThis model ensures universal links are unique, and secure without sacrificing simplicity and flexibility.\r\nLinks\r\nMITRE ATT\u0026CK - URI Hijacking\r\nPrevent iOS URL Scheme Hijack\r\nStandards\r\nOWASP_MASVS_L1:\r\nMSTG_PLATFORM_3\r\nOWASP_MASVS_L2:\r\nMSTG_PLATFORM_3\r\nGDPR:\r\nART_5\r\nART_32\r\nPCI_STANDARDS:\r\nREQ_6_2\r\nhttps://docs.ostorlab.co/kb/IPA_URL_SCHEME_HIJACKING/index.html\r\nPage 1 of 2\n\nREQ_6_3\r\nREQ_11_3\r\nOWASP_MASVS_v2_1:\r\nMASVS_CODE_4\r\nSOC2_CONTROLS:\r\nCC_2_1\r\nCC_4_1\r\nCC_7_1\r\nCC_7_2\r\nCC_7_4\r\nCC_7_5\r\nCNIL_FOR_DEVELOPERS:\r\nDEVELOPERS_4_1_4\r\nHIPAA_CONTROLS:\r\nSECURITY221\r\nSECURITY212\r\nSECURITY213\r\nSource: https://docs.ostorlab.co/kb/IPA_URL_SCHEME_HIJACKING/index.html\r\nhttps://docs.ostorlab.co/kb/IPA_URL_SCHEME_HIJACKING/index.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.ostorlab.co/kb/IPA_URL_SCHEME_HIJACKING/index.html"
	],
	"report_names": [
		"index.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434645,
	"ts_updated_at": 1775826732,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a5f092361f63b12dae9d15ea5aee66367a0084f9.pdf",
		"text": "https://archive.orkl.eu/a5f092361f63b12dae9d15ea5aee66367a0084f9.txt",
		"img": "https://archive.orkl.eu/a5f092361f63b12dae9d15ea5aee66367a0084f9.jpg"
	}
}