The independent expert on information security Itesh Dhanjani says in his blog that the decision of Apple allowing the built in Safari browser to handle requests from third applications is a bad idea because it allows to conduct attacks as a result of which the smartphone can be done dialing without the user’s knowledge.
According to him, the site visited by the Safari browser of the iPhone, it is possible to embed malicious iFrame, which will install malicious code hidden in an application. Alternatively, malicious code can not be embedded in the iFrame, but a hyperlink.
However, a user who clicked on a dangerous link will see the start of recruitment and will be able to break it manually.
Dhanjani informed Apple about the problem and the company stated that all certified applications for the iPhone seek permission before launching a procedure of this kind. However, in this case, applications seeking authorization only after the user has entered and exclude or limit Safari, he retorts.
According to independent IT professionals, decision in this case can be built of special URL-schemes, which is disabled in your browser implementation or activation, which can be done only with the consent of the user.