[Openid-specs-ab] Android 12: Web intent resolution

David Waite david at alkaline-solutions.com
Tue May 18 21:21:37 UTC 2021

Interesting - in the absence of a user chosen default it is most recent (rather than a prioritized list).

This seems like a marked improvement, although I do worry that they still seem to have the risk of third party, non-store apps using social engineering to MITM a web domain. That seems like a weakened model compared to even Chrome browser extensions.


> On May 18, 2021, at 12:57 PM, Tim Cappalli via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> Web intent resolution  |  Android 12 Developer Preview <https://developer.android.com/about/versions/12/web-intent-resolution>
> Starting in Android 12, a generic web intent resolves to an activity in your app only if your app is approved for the specific domain contained in that web intent. If your app isn't approved for the domain, the web intent resolves to the user's default browser app instead.
> Apps can get this approval by doing one of the following:
> * Verify the domain using the Android App Links feature.
> * Have the user manually associate your app with the domain in system settings.
> If your app invokes web intents, consider adding a prompt or dialog that asks the user to confirm the action
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210518/8c447a5c/attachment-0001.html>

More information about the Openid-specs-ab mailing list