Handoff between native apps and websites
Handoff allows an iOS, iPadOS or macOS native app to resume user activity on a web page in domains legitimately controlled by the app developer. It also allows the native app user activity to be resumed in a web browser.
To prevent native apps from claiming to resume websites not controlled by the developer, the app must demonstrate legitimate control over the web domains it wants to resume. Control over a website domain is established using the mechanism for shared web credentials. For details, see App access to saved passcodes. The system must validate an app’s domain name control before the app is permitted to accept user activity Handoff.
The source of a web page Handoff can be any browser that has adopted the Handoff APIs. When the user views a web page, the system advertises the domain name of the web page in the encrypted Handoff advertisement bytes. Only the user’s other devices can decrypt the advertisement bytes.
On a receiving device, the system detects that an installed native app accepts Handoff from the advertised domain name and displays that native app icon as the Handoff option. When launched, the native app receives the full URL and the title of the web page. No other information is passed from the browser to the native app.
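The two-sided domain check described above, sketched as an added example that is not Apple's implementation and not part of the original page. It assumes the `activitycontinuation` service name and the association-file layout from Apple's associated-domains developer documentation; the app IDs, domains and function names are hypothetical, and wildcard domain entries are not modelled.

```python
import json

SERVICE = "activitycontinuation"  # associated-domains service name used for Handoff

def entitled_domains(associated_domains):
    """Domains an app claims for Handoff in its associated-domains entitlement."""
    claimed = set()
    for entry in associated_domains:
        service, sep, domain = entry.partition(":")
        if sep and service == SERVICE and domain:
            claimed.add(domain.split("?", 1)[0].lower())  # drop any ?mode= suffix
    return claimed

def domain_lists_app(aasa_text, app_id):
    """True if the domain's association file names app_id for Handoff."""
    try:
        doc = json.loads(aasa_text)
    except (TypeError, ValueError):
        return False  # missing or malformed file: no proof of domain control
    section = doc.get(SERVICE) if isinstance(doc, dict) else None
    apps = section.get("apps") if isinstance(section, dict) else None
    return isinstance(apps, list) and app_id in apps

def apps_accepting(advertised_domain, installed_apps, aasa_by_domain):
    """App IDs that may be offered as the Handoff option for advertised_domain.

    Both sides must agree: the app claims the domain, and the domain names the app.
    """
    domain = advertised_domain.lower()
    aasa_text = aasa_by_domain.get(domain)
    return sorted(
        app_id for app_id, entitlement in installed_apps.items()
        if domain in entitled_domains(entitlement)
        and domain_lists_app(aasa_text, app_id)
    )

# Constructed sample data: installed apps and their associated-domains entries.
INSTALLED = {
    "ABCDE12345.com.example.shop": ["activitycontinuation:shop.example.com"],
    # Claims a domain whose association file does not list it.
    "ZYXWV98765.com.other.viewer": ["activitycontinuation:shop.example.com"],
    # Listed by the domain, but the app itself makes no Handoff claim.
    "ABCDE12345.com.example.notes": ["webcredentials:shop.example.com"],
}
# Constructed association file content, keyed by the domain that serves it.
AASA = {"shop.example.com": json.dumps({SERVICE: {"apps": [
    "ABCDE12345.com.example.shop", "ABCDE12345.com.example.notes"]}})}
```

Only the app that both claims the domain and is named by the domain's association file is returned; a one-sided claim from either direction is rejected.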
In the opposite direction, a native app may specify a fallback URL when a Handoff receiving device doesn’t have the same native app installed. In this case, the system displays the user’s default browser as the Handoff app option (if that browser has adopted Handoff APIs). When Handoff is requested, the browser is launched and given the fallback URL provided by the source app. There is no requirement that the fallback URL be limited to domain names controlled by the native app developer.
Handoff of larger data
In addition to using the basic feature of Handoff, some apps may elect to use APIs that support sending larger amounts of data over Apple-created peer-to-peer Wi-Fi technology (in a similar fashion to AirDrop). For example, the Mail app uses these APIs to support Handoff of a mail draft which may include large attachments.
When an app uses this facility, the exchange between the two devices starts off just as in Handoff. However, after receiving the initial payload using Bluetooth Low Energy (BLE), the receiving device initiates a new connection over Wi-Fi. This connection is encrypted with TLS, and the two devices exchange their iCloud identity certificates over it. The identity in the certificates is verified against the user’s identity. Further payload data is sent over this encrypted connection until the transfer completes.