Cross-app messaging allows communication between a browser window (Requester) and a native application (Provider). For example, a web page may wish to read bluetooth data from the users smartphone.
- A native data provider app is installed on the phone, and registered to a unique protocol handler. For example, "bthack:---".
- Requester generates a secure random key (or loads the existing key cookie).
- Requester sends a one-way "access requested" message to Provider via the protocol handler
- Requester waits a few seconds for Provider to boot up
- Requester & provider establish a WebSockets connection
- Provider re-affirms its identify key via WebSockets
- If Requester key is inappropriate, Provider sends Requester some entropy, asks Requester to try again, and drops the connection.
- Provider asks user for access permissions
- Connection is dropped if not accepted by user
- Provider keeps running in background until sockets connection is terminated