via MacStories & Daring Fireball:
Safari View Controller looks a lot like Safari: when users tap a web link in an app that uses Safari View Controller, they’ll be presented with a Safari page that displays the address bar at the top and other controls at the bottom or next to it – just like the regular Safari on the iPhone and iPad. There are two minor visual differences with Safari: when opened in Safari View Controller, the URL in the address bar will be grayed out to indicate it’s in read-only mode; and, a Safari button is available in the toolbar, so that users will be able to quickly jump to Safari if they want to continue navigation in the full browser.
and
At the same time, Apple is making sure that user privacy and security are highly valued in how Safari View Controller operates. Safari View Controller runs in a separate process from the host app, which doesn’t “see” the URL or navigation happening inside it. Therefore, Apple claims that Safari View Controller is entirely “safe”, as private user data stays in Safari and is never exposed to a third-party app that wants to open a link in it.
and
Because of this, Apple has been able to port many of the features that users know from Safari to any app that uses Safari View Controller in iOS 9. Safari View Controller shares cookies and website data with Safari, which means that if a user is already logged into a specific website in Safari and a link to that website is opened in Safari View Controller, the user will already be logged in.
and
But there’s more. Because Safari View Controller is Safari made available to an app, Apple can offer more than shared cookies and a familiar interface. Safari View Controller has access to iCloud Keychain’s password autofill, plus contact card and credit card autofill, Safari Reader, and the system share sheet for action and share extensions.
This sounds fantastic! Ever been in an app and clicked a link and instead of opening Safari, the app has an in-app browser that loads the web page? Safari View Controller aims to replace this and make life easier on developers, improving user experience and making users safer from dev spying on their keystrokes.
One item that isn’t clear if it’s fixed or not is the Twittelator developer’s comments that OAuth within Twitter apps is very weak because an in-app browser opens where the user types in their Twitter username and password and while this is happening, the developer could easily log the keystrokes to get user passwords essentially defeating the whole purpose of OAuth. Safari View Controller would eliminate this from what I can tell.
This is a great iOS 9 improvement.