Mobile Application Security : The Apple iPhone - Push Notifications, Copy/Paste, and Other IPC

1/20/2011 3:45:25 PM

In this section, we examine common methods for retrieving content from other applications or from third-party services. The most prominent of these are “push notifications” and the UIPasteboard API.

Push Notifications

Also new in version 3.0, Apple has implemented the long-awaited “push notifications” feature, which allows applications to provide users with notifications when they are not running. To accomplish this, Apple has implemented its own web service callable by remote sites, relying on actual notification processing code to be run on a remote server. The device and push service perform mutual certificate authentication; developers using the push API also use certificates to authenticate with the API server. API certificates are bound to a particular application bundle ID, and must be stored on the server sending push notifications.

For example, the developer of a chat application would need to implement chat client functionality as a server process on a remote machine, sending messages to the Apple push notification API when a user receives a new message. Notification types can include pop-ups or incrementing a number next to a springboard icon. When the application is started, it queries the new data from the remote server.

This puts iPhone application developers in the role of web service providers, having to worry about scalability, web service security, and denial of service. Although this is largely outside the scope of this book, these are areas that developers wishing to implement push notifications should consider.

It should be noted that these messages are not guaranteed to be delivered; Apple’s servers will continue retrying for a fair bit of time, but the transport should not be considered to be reliable, and should not be used for transporting time-sensitive information or important data. In other words, this service should generally be used for sending notifications that new data is available, rather than only sending that data as part of the notification.

UIPasteboard

If you’ve written a desktop application on OS X, you may be familiar with the UIPasteboard object. UIPasteboards can be implemented to handle copying and pasting of objects within an application, or to handle data to share among applications. Copied and pasted data is stored in item groupings with various representations—that is, a single item can be portrayed in multiple ways. If, for example, you copy an image from a web page, you can copy both the image and the URL to its location into the same pasteboard item. The retrieving application can decide what data types it wants to receive from the pasteboard.

The two main system pasteboards are UIPasteboardNameGeneral and UIPasteboardNameFind. These are used for generic copying and pasting between applications and for storing search results, respectively. Developers can also create their own custom pasteboards, for private use by the application or to share data among related applications. This has been used as one method to migrate data from a free version of an application to a paid version, once the user has upgraded.

To use pasteboard data between application restarts, the developer can use the persistent pasteboard property. This will save out the pasteboard into the application’s directory upon exit, recovering it upon restart. Because this will be stored unencrypted on the iPhone’s file system, it’s important not to use pasteboard persistence in applications where sensitive data might be copied or pasted.

Here are some important considerations when dealing with UIPasteboards:

  • Use private pasteboards for data that is only needed by one application, or for data that may be sensitive. Check to see if your application ever displays data to the user that you wouldn’t want another application to see.

  • Use the persistent property sparingly. If sensitive data is selected and copied, it will be written to local storage, where someone who has gained illegitimate access can get to it.

  • Sanity-check pasteboard contents. Any information carried on shared pasteboards should be considered untrusted and potentially malicious; it needs to be sanitized before use.

  • Avoid complex parsing of this data.
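The considerations above, sketched in Objective-C as an added example (not code from the original text): the general pasteboard is read as untrusted input with a strict length limit and allow-list, and sensitive text is copied to a non-persistent, application-private pasteboard. The function names and the account-number field with its 32-character limit are hypothetical.

```objc
#import <UIKit/UIKit.h>

// Constructed limit for a hypothetical account-number field.
static const NSUInteger kMaxAccountLength = 32;

// Read from the shared general pasteboard, treating the contents as untrusted.
// Returns nil unless the data is a short string made only of ASCII digits.
static NSString *ValidatedAccountNumberFromPasteboard(void) {
    UIPasteboard *general = [UIPasteboard generalPasteboard];

    // Ask only for the string representation; ignore any other
    // representations another application placed in the same item.
    if (![general containsPasteboardTypes:UIPasteboardTypeListString]) {
        return nil;
    }
    NSString *candidate = general.string;
    if (candidate.length == 0 || candidate.length > kMaxAccountLength) {
        return nil;
    }

    // Explicit ASCII allow-list: decimalDigitCharacterSet also matches
    // non-ASCII Unicode digits, which this field does not accept.
    NSCharacterSet *disallowed =
        [[NSCharacterSet characterSetWithCharactersInString:@"0123456789"] invertedSet];
    if ([candidate rangeOfCharacterFromSet:disallowed].location != NSNotFound) {
        return nil;
    }
    return candidate;
}

// Copy sensitive text to an application-private pasteboard instead of the
// general one, and keep it out of local storage.
static UIPasteboard *CopySensitiveText(NSString *text) {
    UIPasteboard *priv = [UIPasteboard pasteboardWithUniqueName];
    priv.persistent = NO;   // the persistent property from the text: not saved on exit
    priv.string = text;
    return priv;            // caller keeps the reference for a later paste
}

// Discard the private pasteboard once the data is no longer needed.
static void DiscardPrivatePasteboard(UIPasteboard *priv) {
    [UIPasteboard removePasteboardWithName:priv.name];
}
```

The validation is a fixed-size check and a character allow-list rather than a parser, which keeps the handling of untrusted pasteboard data as simple as the last bullet recommends.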
