The gem serves /.well-known/apple-app-site-association (AasaController), so a Universal Link, including one scanned from the iOS Camera app, opens the app instead of bouncing through Safari. Android has no equivalent: there is no assetlinks.json, no autoVerify intent filter, and no App Links support at all. Links that should open the app open the browser instead.
Two halves:
Gem. Serve /.well-known/assetlinks.json, mirroring AasaController: 404 unless the required config is present, Cache-Control: no-cache. The file needs the Android package name and the SHA-256 fingerprint of the signing certificate.
Native + build pipeline. Add an autoVerify intent filter to the Android manifest, templated with the app's host. AndroidProject#write_permissions_manifest already generates the manifest per build, so this is an extension of existing per-app templating rather than something new.
The design question is where the fingerprint comes from. With Play App Signing, Google re-signs the app with their own key, so the fingerprint that has to appear in assetlinks.json is the Play App Signing certificate from the Play Console, not the one from whatever keystore the cloud build used. The gem cannot derive it. It has to be supplied, most likely as a dashboard field next to the existing permission copy, which means resolving how the gem reads a platform-held value at request time.
Worth confirming before building: whether App Links are needed at all for a given app, or whether links are only ever followed from inside the app. That changes the scope.
The gem serves
/.well-known/apple-app-site-association(AasaController), so a Universal Link, including one scanned from the iOS Camera app, opens the app instead of bouncing through Safari. Android has no equivalent: there is noassetlinks.json, noautoVerifyintent filter, and no App Links support at all. Links that should open the app open the browser instead.Two halves:
Gem. Serve
/.well-known/assetlinks.json, mirroringAasaController: 404 unless the required config is present,Cache-Control: no-cache. The file needs the Android package name and the SHA-256 fingerprint of the signing certificate.Native + build pipeline. Add an
autoVerifyintent filter to the Android manifest, templated with the app's host.AndroidProject#write_permissions_manifestalready generates the manifest per build, so this is an extension of existing per-app templating rather than something new.The design question is where the fingerprint comes from. With Play App Signing, Google re-signs the app with their own key, so the fingerprint that has to appear in
assetlinks.jsonis the Play App Signing certificate from the Play Console, not the one from whatever keystore the cloud build used. The gem cannot derive it. It has to be supplied, most likely as a dashboard field next to the existing permission copy, which means resolving how the gem reads a platform-held value at request time.Worth confirming before building: whether App Links are needed at all for a given app, or whether links are only ever followed from inside the app. That changes the scope.