Users following web links on devices are frequently presented with confusing choices. Tapping a link often results in the system asking the user which app should handle that link. For example, clicking a URI in an email from a bank might result in a dialog asking the user whether to use the browser, or the bank's own app, to open the link. Android 6.0 (API level 23) and higher allow an app to designate itself as the default handler of a given type of link. If the user doesn't want the app to be the default handler, they can override this behavior from Settings.
Automatic handling of links requires the cooperation of app developers and website owners. A developer must configure their app to declare associations with one or more websites, and to request that the system verify those associations. A website owner must, in turn, provide that verification by publishing a Digital Asset Links file. The general steps for creating verified app links are as follows:
The app links feature allows your app to become the default handler for the website URIs you specify, as long as the user has not already chosen a default app to handle that URI pattern. When a clicked link or programmatic request invokes a web URI intent, the Android system uses the following criteria, in descending order, to determine how to handle the request:
In case 2, if the user has newly installed the app, and the system has verified it as a handler for this type of link, the system sets the app as the default handler. In the other two cases, the presence of a verified app link handler has no effect on system behavior.
App links are based on the Intent framework, which enables apps to handle requests from the system or other apps. Multiple apps may declare the same web link URI patterns in their intent filters. When a user clicks on a web link that does not have a default launch handler, the platform selects an app to handle the request, using the criteria described in Understanding URI Request Handling.
To enable your app to handle links, use intent filters in your app manifest to declare the URI patterns that your app handles. The following example shows an intent filter that can handle links to {@code http://www.android.com} and {@code https://www.android.com}:
<activity ...>
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="http" />
<data android:scheme="https" />
<data android:host="www.android.com" />
</intent-filter>
</activity>
As this example shows, intent filters for app links must declare an {@code android:scheme} value of {@code http}, {@code https}, or both. The filter must not declare any other schemes. The filter must also include the {@code android.intent.action.VIEW} and {@code android.intent.category.BROWSABLE} category names.
This manifest declaration defines the connection between your app and a website. However, in order to have the system treat your app as the default handler for a set of URIs, you must also request that the system verify this connection. The next section explains how to implement this verification.
In addition to using intent filters to declare an association between your app and a website, your manifest must also include an additional declaration for requesting automatic verification. When this declaration is present, the Android system attempts to verify your app after installation. If the verification succeeds, and the user has not set an alternate preference for handling your website URIs, the system automatically routes those URI requests to your app.
The system performs app-link verifications by comparing the host names in the data elements of the app’s intent filters against the Digital Asset Links files ({@code assetlinks.json}) hosted on the respective web domains. To enable the system to verify a host, make sure that your intent filter declarations include the {@code android.intent.action.VIEW} intent action and {@code android.intent.category.BROWSABLE} intent category.
To enable link handling verification for your app, set the {@code android:autoVerify} attribute to {@code true} on at least one of the web URI intent filters in your app manifest, as shown in the following manifest code snippet:
<activity ...>
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="http" android:host="www.android.com" />
<data android:scheme="https" android:host="www.android.com" />
</intent-filter>
</activity>
When the {@code android:autoVerify} attribute is present, installing your app causes the system to attempt to verify all hosts associated with the web URIs in all of your app's intent filters. The system treats your app as the default handler for the specified URI pattern only if it successfully verifies all app link patterns declared in your manifest.
The system must be able to verify every host specified in the app’s web URI intent filters’ data elements against the Digital Asset Links files hosted on the respective web domains. If any verification fails, the app is not verified to be a default handler for any of the web URI patterns defined in the app's intent filters. For example, an app with the following intent filters would fail verification if an {@code assetlinks.json} file were not found at both {@code https://www.domain1.com/.well-known/assetlinks.json} and {@code https://www.domain2.com/.well-known/assetlinks.json}:
<application>
<activity android:name=”MainActivity”>
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="http" android:host="www.domain1.com" />
<data android:scheme="https" android:host="www.domain1.com" />
</intent-filter>
</activity>
<activity android:name=”SecondActivity”>
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="https" android:host="www.domain2.com" />
</intent-filter>
</activity>
</application
The Digital Asset Links protocol treats subdomains as unique, separate hosts. If your intent filter lists both the {@code www.example.com} and {@code mobile.example.com} subdomains as hosts, you must host a separate {@code assetlink.json} file on each subdomain. For example, an app with the following intent filter declaration would pass verification only if the website owner published valid {@code assetlinks.json} files at both {@code https://www.example.com/.well-known/assetlinks.json} and {@code https://mobile.example.com/.well-known/assetlinks.json}:
<application>
<activity android:name=”MainActivity”>
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="http" android:host="www.example.com" />
<data android:scheme="https" android:host="mobile.example.com" />
</intent-filter>
</activity>
</application>
For app link verification to be successful, website owners must declare associations with apps. A site owner declares the relationship to an app by hosting a Digital Asset Links JSON file, with the name {@code assetlinks.json}, at the following well-known location on the domain:
https://domain[:optional_port]/.well-known/assetlinks.json
Important: The system verifies the JSON file via the encrypted HTTPS protocol. Make sure that your hosted file is accessible over an HTTPS connection, regardless of whether your app's intent filter includes {@code https}.
A Digital Asset Links JSON file indicates the Android apps that are associated with the website. The JSON file uses the following fields to identify associated apps:
$ keytool -list -v -keystore my-release-key.keystore
This field supports multiple fingerprints, which can be used to support different versions
of your app, such as debug and production builds.
The following example {@code assetlinks.json} file grants link-opening rights to a {@code com.example} Android app:
[{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.example",
"sha256_cert_fingerprints":
["14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5"]
}
}]
A website can declare associations with multiple apps within the same {@code assetlinks.json}
file. The following file listing shows an example of a statement file that declares association
with two apps, separately, and resides at
https://www.example.com/.well-known/assetlinks.json:
[{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "example.com.puppies.app",
"sha256_cert_fingerprints":
["14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5"]
}
},
{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "example.com.monkeys.app",
"sha256_cert_fingerprints":
["14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5"]
}
}]
Different apps may handle links for different resources under the same web host. For example, app1 may declare an intent filter for {@code https://example.com/articles}, and app2 may declare an intent filter for {@code https://example.com/videos}.
Note: Multiple apps associated with a domain may be signed with the same or different certificates.
Multiple websites can declare associations with the same app in their respective {@code assetlinks.json} files. The following file listings show an example of how to declare the association of domain1 and domain2 with app1. The first listing shows the association of domain1 with app1:
https://www.domain1.com/.well-known/assetlinks.json
[{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.mycompany.app1",
"sha256_cert_fingerprints":
["14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5"]
}
}]
The next listing shows the association of domain2 with app1. Only the very last line, which specifies the URL, is different:
https://www.domain2.com/.well-known/assetlinks.json
[{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.mycompany.app1",
"sha256_cert_fingerprints":
["14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5"]
}
}]
When implementing the app linking feature, you should test the linking functionality to make sure the system can associate your app with your websites, and handle URI requests, as you expect.
When testing, you should confirm the list of associated hosts that the system should verify for your app. Make a list of all web URIs whose corresponding intent filters include the following attributes and elements:
Use this list to check that a Digital Asset Links JSON file is provided on each named host and subdomain.
For each website, use the Digital Asset Links API to confirm that the Digital Asset Links JSON file is properly hosted and defined:
https://digitalassetlinks.googleapis.com/v1/statements:list? source.web.site=https://<domain1>:<port>& relation=delegate_permission/common.handle_all_urls
Once you have confirmed the list of websites to associate with your app, and you have confirmed that the hosted JSON file is valid, install the app on your device. Wait at least 20 seconds for the asynchronous verification process to complete. Use the following command to check whether the system verified your app and set the correct link handling policies:
adb shell am start -a android.intent.action.VIEW \
-c android.intent.category.BROWSABLE \
-d "http://<domain1>:<port>"
As part of your testing process, you can check the current system settings for link handling. Use the following command to get a listing of existing link-handling policies for all applications:
adb shell dumpsys package domain-preferred-apps --or-- adb shell dumpsys package d
Note: Make sure you wait at least 20 seconds after installation of your app to allow for the system to complete the verification process.
The command returns a listing of each user or profile defined on the device, preceded by a header in the following format:
App linkages for user 0:
Following this header, the output uses the following format to list the link-handling settings for that user:
Package: com.android.vending Domains: play.google.com market.android.com Status: always : 200000002
This listing indicates which apps are associated with which domains for that user:
Note: If a user changes the app link settings for an app before verification is complete, you may see a false positive for a successful verification, even though verification has failed. This verification failure, however, does not matter if the user explicitly enabled the app to open supported links without asking. This is because user preferences take precedence over programmatic verification (or lack of it). As a result, the link goes directly to your app, without showing a dialog, just as if verification had succeeded.
For app link verification to succeed, the system must be able to verify your app with all of the websites that you specify in your app’s intent filters, and that meet the criteria for app links. The following example shows a manifest configuration with several app links defined:
<application>
<activity android:name=”MainActivity”>
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="http" android:host="www.example.com" />
<data android:scheme="https" android:host="mobile.example.com" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="http" android:host="www.example2.com" />
</intent-filter>
</activity>
<activity android:name=”SecondActivity”>
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="http" android:host="account.example.com" />
</intent-filter>
</activity>
<activity android:name=”ThirdActivity”>
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<data android:scheme="http" android:host="map.example.com" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="market" android:host="example.com" />
</intent-filter>
</activity>
</application>
The list of hosts that the platform would attempt to verify from the above manifest is:
www.example.com mobile.example.com www.example2.com account.example.com
The list of hosts that the platform would not attempt to verify from the above manifest is:
map.example.com (it does not have android.intent.category.BROWSABLE) market://example.com (it does not have either an “http” or “https” scheme)