Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I forgot I had it installed on my phone, but clicking the link opened, to my surprise, the Simply Piano app. Why you'd associate your app with that domain for legitimate purposes is a bit of a mystery to me.


Isn't that meant to be cryptographically paired? Apps shouldn't be able to intercept random domain names whenever they want

You'd need the right info at URLs like:

https://example.com/apple-app-site-association

https://example.com/.well-known/apple-app-site-association

https://example.com/.well-known/assetlinks.json (Android)

(which obviously don't exist for this domain)


Probably by copy pasting example code?


That.


This shouldn't be possible on Android. Google requires apps capturing http/s deeplinks verify ownership of the URI.[1] They can accept any other schema declared in their manifest otherwise. Example code would seem most plausible, but I can't see how it would work.

[1] https://developer.android.com/training/app-links/verify-site...


Twitter deeplinks open the third-party Twitter client I have installed (Fenix) on Android for me.


iOS or Android?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: