While I can understand companies like Twitter abusing the privacy of a user with canOpenURL, this change negatively impacts applications that want to opt into a system where app detection is a heavily-relied on feature. This is especially the case for enterprise apps that utilize a common library to do secure inter-app communication. Because this list of apps keeps growing, it's unfeasible to have every app using such a library to maintain the list of every other app's schemes.
I've posted a bug report on this but there hasn't been any feedback. I'm hoping this forum post could provide more visibility. I have a suggestion on a solution that doesn't compromise the privacy enhancement that comes with this change and yet would allow for app discovery:
Lets say you have apps A and B. Here is the relevant portion of their Info.plist:
App A:
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLName</key>
<string>CompanyASchemes</string>
<key>CFBundleURLSchemes</key>
<array>
<string>com.companyA.scheme</string>
<string>com.library.scheme.common</string>
</array>
</dict>
</array>
<key>LSApplicationQueriesSchemes</key>
<array>
<string>com.library.scheme.common</string>
</array>
App B:
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLName</key>
<string>CompanyBSchemes</string>
<key>CFBundleURLSchemes</key>
<array>
<string>com.companyB.scheme</string>
<string>com.library.scheme.common</string>
</array>
</dict>
</array>
<key>LSApplicationQueriesSchemes</key>
<array>
<string>com.library.scheme.common</string>
</array>
In this case, there's a scheme that's common to both. The purpose would be to have app A be able to call canOpenURL on App B's scheme (and vice versa) without having to manually enter each other's schemes in the Info.plist file. In other words, if App B came out to the app store later than App A, app A is still notified that App B is installed and "provisioned" (both apps send info saying they're installed to the same server) and can establish a secure communication channel. Generally speaking, these is no issue of discovering if an app is installed as this is done via libray/server communication, but rather the challenge is knowing when apps are no longer installed.
Apps that are not part of this enterprise ecosystem of apps (Twitter, et al) wouldn't gain much from scanning for the common scheme as this doesn't provide enough information about what actual apps are installed as this scheme would be utilized by a multitude of apps. Apps that are trying to scan for other apps in a way unbeknownst to the user would still have to whitelist the specific sheme of the app.
As an additianal privacy measure, there could be an alert presented to the user asking if an app should be allowed to know if another app exists for apps that share a common scheme.