Is there a way to use any kind of server authentication in Message Filtering iOS App extension?

Greetings!

I am currently working on a Message Filtering iOS App extension: https://developer.apple.com/documentation/sms_and_call_reporting/sms_and_mms_message_filtering

We are using the approach to defer the query to an associated server: https://developer.apple.com/documentation/sms_and_call_reporting/ilmessagefilterextensioncontext/2880240-deferqueryrequesttonetwork

Although iOS ensures that no other app extension can make these requests to the server via the associated domains feature, the security team is concerned a lot about creating an endpoint which has no client-server authentication at all (OAuth or bearer token authentication). It means that the endpoint may potentially be used by some third-party scripts, apps, etc., and we won't be able to distinguish this from valid clients on the backend.

I am aware of the note in the documentation saying:

For privacy reasons, the system handles all communication with your associated server; your Message Filter app extension can’t access the network directly.

Your app extension also can’t write data to containers shared with the containing app.

But maybe there is a way to add any client-server network authentication to requests made by deferring the message filter query to our server?

Thanks in advance,

Konstantin

Replies

Konstantin, were you able to solve this and get your API protected?