Skip to content

Serve assetlinks.json for Android App Links #79

Description

@joemasilotti

The gem serves /.well-known/apple-app-site-association (AasaController), so a Universal Link, including one scanned from the iOS Camera app, opens the app instead of bouncing through Safari. Android has no equivalent: there is no assetlinks.json, no autoVerify intent filter, and no App Links support at all. Links that should open the app open the browser instead.

Two halves:

Gem. Serve /.well-known/assetlinks.json, mirroring AasaController: 404 unless the required config is present, Cache-Control: no-cache. The file needs the Android package name and the SHA-256 fingerprint of the signing certificate.

Native + build pipeline. Add an autoVerify intent filter to the Android manifest, templated with the app's host. AndroidProject#write_permissions_manifest already generates the manifest per build, so this is an extension of existing per-app templating rather than something new.

The design question is where the fingerprint comes from. With Play App Signing, Google re-signs the app with their own key, so the fingerprint that has to appear in assetlinks.json is the Play App Signing certificate from the Play Console, not the one from whatever keystore the cloud build used. The gem cannot derive it. It has to be supplied, most likely as a dashboard field next to the existing permission copy, which means resolving how the gem reads a platform-held value at request time.

Worth confirming before building: whether App Links are needed at all for a given app, or whether links are only ever followed from inside the app. That changes the scope.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions