Multiple applications installed on client devices, such as smartphones, personal computers, or laptops, can be deployed by a single publisher or developer. Applications published by a developer might have the need to securely communicate data between one another. In some instances, applications that are published by different developers might also have the need for secure communication between one another. For example, applications might share data between one another that is sensitive or requires data encryption, such as an authentication credential or keyed-hash message authentication (HMAC) token.
In some operating system environments, such as Windows 10®, the application programming interfaces (API's) provided by the operating system allow applications to communicate between one another in various ways. Some API's allow for secure application-to-application communication through an inter-process communication protocol. Other API's are insecure protocols. For example, the operating system might provide a token store or universal cookie jar where applications can store or retrieve authentication tokens for various uniform resource identifiers (URI's). For example, a browser application can store authentication cookies in the token store, and these authentication cookies can be accessed by other applications installed on the client device.
In many scenarios, communication between applications using a secure application-to-application communication API can be cumbersome for an application developer. The application-to-application API can require coding overhead of hurdles that must be cleared to initiate, use, and then terminate a communication session between applications. In many scenarios, communication through an insecure API provided by the operating system can be a desirable communication medium for applications to communicate certain data between one another due to the ease of using some of these API's for application developers.