Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Prevent Deeplink from being opened within the browser of the originating app

I am using Branch.io to Deeplink from the Salesforce App to my Cordova app. However, when I click the deeplink in the Salesforce app, it just opens my app within a browser inside the Salesforce app instead of actually taking me to my app. It seems like I should be using a <intent-filter/> to make that happen but it doesn't seem to be able to take me out of the originating Salesforce app. Here is what my <intent-filter/> currently is:

 <intent-filter android:name="io.branch.sdk.UriScheme">
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data android:scheme="myapp" />
 </intent-filter>
 <intent-filter android:autoVerify="true" android:name="io.branch.sdk.AppLink">
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data android:host="myapp.app.link" android:scheme="https" />
</intent-filter>

What other intent actions or categories do I need there?

like image 314
Rozgonyi Avatar asked Apr 17 '18 18:04

Rozgonyi


People also ask

How do I disable deeplink?

You have to have one API which will return boolean to enable or disable the DeepLinking. Based on business, server has to return the response. You need to hit the API on your deep linking Activity and redirect the user to browser in case of disabled deep linking and kill your activity.

What is a deferred deeplink?

Deferred deep links are mobile hosted links that are able to take the user to the intended content through the install process, basically matching the user who clicked a link in a paid or organic channel to the user who opened the app for the first time after installing it.

What is deeplink redirect?

On mobile, the redirect page opens your mobile app on a specific page using deeplinks or opens the App store for iOS or Google Play store for Android to download your mobile app. On desktop, it opens a fallback url. This component should be used together with Deeplink Mobile.

What is difference between app link and deep link?

When a user click an URL, it might open a dialog which asks the user to select one of multiple apps handling the given URL. On the other hand, An Android App Link is a deep link based on your website URL that has been verified to belong to your website. When user clicks that URL, it opens your app.

How to add deep links as APP links?

App Links in general, are the secure version of deep links. In order for Android to handle your deep links as App Links, you have to set the android:autoVerify="true" in any of the web URL intent filters of your app. Moreover, you cannot have any custom scheme in your intent filter, but only http or https.

How safe are deep links in mobile apps?

Mobile app developers often use deep links to improve the user experience and engagement by helping users navigate from the web to their app. However, our security testing has found an easily exploitable vulnerability when deep links are used incorrectly for authorization purposes.

What is a deep link?

Deep links are URLs that take users directly to specific content in an app. They can be set up by adding a data specification (URI) inside an Intent Filter.

Are deep links a security vulnerability?

However, our security testing has found an easily exploitable vulnerability when deep links are used incorrectly for authorization purposes. This blog will explain how this vulnerability can be exploited and how to safeguard your app by using the more secure version of deep links, App Links.


1 Answers

What actually definitively resolved this was going into the AndroidManifest.xml and setting android:launchMode="singleTask" on my main activity.

I know that in the android docs it says singleTask is not recommended. I believe that's because it prevents you from going back but we take over the functionality of the hardware back button so that's not relevant. Also according to this SO answer, it seems like the right thing to do in our context.

like image 183
Rozgonyi Avatar answered Oct 11 '22 01:10

Rozgonyi