App Extensions for iOS 8 in Depth
Apple recently announced app extensions for iOS 8, which allow developers to extend functionality and content beyond the boundaries of a single app.
Among the main iOS limitations that app extensions should allow to fix are the unnecessary duplication of data between applications created by the Open In system and the unavailability of alternative keyboards to Apple's. This state of things has been in stark contrast to what the Android platform has allowed users through widgets and custom keyboards.
One of the first possible misunderstandings that should be cleared up, though, is that iOS 8 app extensions are not the same as Android intents, says Andrew Cunningham writing for Ars Technica. According to Google' description,
An Intent provides a facility for performing late runtime binding between the code in different applications. Its most significant use is in the launching of activities, where it can be thought of as the glue between activities. It is basically a passive data structure holding an abstract description of an action to be performed.
Although for many use cases extensions could be indistinguishable from intents, the overall design of the app extension system in iOS 8 makes it differ rather significantly from intents.
Extension Life Cycle
As detailed in Apple documentation, an extension is a specialised binary that is delivered through a containing app. The containing app is only used for delivery and the extension runs independently of it. This notwithstanding, an iOS containing app is required to effectively provide some functionality in addition to the extension. On OS X such requirement is relaxed and a containing app is not required to provide any additional functionality.
As mentioned, an extension life cycle is completely unrelated to its containing app's and it comprises 4 steps:
- User chooses an app extension.
- System launches it.
- App extension runs.
- System kills app extension.
If two apps require the same extension to do some work, this happens in two independent extension processes.
The main motivations behind such approach are reducing memory usage and energy consumption through short-lived extensions and preventing that a failure in one extension may impact another app using the same extension.
Types of Extensions
There are several types of extensions, each of which is tied to an area of the system that is called an extension point:
- Today (aka Widget): get a quick update or perform a quick task in the Today view of Notification Center.
- Share: post to a sharing website or share content with other apps.
- Action: manipulate or view content within the context of another app.
- Photo Editing (iOS only): edit a photo or video within the Photos app.
- Finder (OS X only): present information about file sync states directly in Finder.
- Document Provider (iOS only): provide access to and manage a repository of files.
- Custom keyboard (iOS only): replace the iOS system keyboard with a custom keyboard for use in all apps.
Since each extension point is associated to usage policies and specific APIs, developers have to choose the appropriate extension point for the kind of functionality they want to provide. As an example, a keyboard extension by default "has no network access and cannot share a container with its containing app." Such limitation can be lifted by properly configuring the extension, but this also requires that the developer abides to specific networked keyboard guidelines contained in the App Store Review Guidelines and iOS Developer Program License Agreement.
Sandboxing and Security
As known, each iOS app lives inside of its own sandbox. A similar kind of requirement is also in force for OS X apps that are distributed through the Mac App Store, although many OS X apps are distributed outside of the Mac App Store and do not need comply with the sandbox requirement.
The sandbox is one of the cornerstone of Apple security strategy for iOS. A sandbox is meant to limit an app’s access to files, preferences, network resources, hardware, and so on, and its purpose is specifically to limit the damage that a compromised app can cause to the system.
An app extension runs in an even more restricted sandbox than a normal app, given that not all APIs available to apps can be used in extensions. An API that extensions cannot use is marked with an unavailability macro, such as
NS_EXTENSION_UNAVAILABLE, which will cause a failure at link time.
Furthermore, Apple imposes a few strict requirements to communication between an extension and other apps:
- The app that called for the extension, called the host app, cannot launch it; only the system can launch an extension.
- The host app talks with the extension directly once it has been launched.
- The host app never communicates directly with the containing app.
- An extension is not an app but is spawn by the system in its own separate process, thus it cannot affect the host app's execution context.
- To share data between a containing app and its extensions, both the containing app and its extensions must be part of an app group, which allows some data to be shared between the two of them in a third container outside of both apps' sandboxes.
As Ars Technica's Andrew Cunningham summarises it, the main end result of such rules is that an app cannot get into another app's sandbox. This is in contrast to Android, where Content Providers and Resolvers can still work together to provide apps with access to data in other apps.
App extensions have sparked a lot of interest among iOS developers. "Extension will have the biggest, most visible impact on the new operating system," says Cunningham.
MacStories' Federico Viticci has collected several developers' reactions to Apple announcement and says that "it's difficult to quantify the impact that extensions will have on the iOS app ecosystem, but ... considering developers' reactions to Apple's announcement, we're going to see plenty of cool new stuff this Fall."
On the other hand, security experts have warned that greater functionality often comes with greater risk. Security firm Symantec wrote: "we won’t know how effective these features will be until we see if attacks rise or fall when iOS 8 is released," all the while recognising that "based on the information currently available, there is a handful of security features that should enhance iOS devices’ protection levels."
John Altidor, Yannis Smaragdakis Mar 30, 2015