2

Hey Guys I was going through deep link implementation documentations, It's written that "In an Android app, the statement list is a JSON snippet with the same syntax as a website statement file, but it is embedded in the strings.xml file"

Example for Statement list which is published on Server

Here is an example statement list on a website: http://example.digitalassetlinks.org/.well-known/assetlinks.json

My question is that do I have to put my sha256_cert_fingerprints in string resource file, If I have to then fingerprints would be accessible after an APK is decompiled and this may lead to major security concern.

Aftab Ali
  • 201
  • 1
  • 6
  • 16
  • There is no requirements on the app side. Simply don't forget the ```autoVerify="true"``` attribute on the intent-filter – Simon Marquis Jun 08 '16 at 12:01
  • @SimonMarquis Yes I knew that I have gone through the documentation and it is a requirement to include autoVerify attribute in manifest file for Android 6.0 – Aftab Ali Jun 09 '16 at 05:57

1 Answers1

0

Based on the examples further down that same page, it appears the fingerprints are only necessary on the server file.

However, if you are simply trying implement AppLinks, that guide is fairly confusing. I'd suggest either following the main AppLinks guide or even trying a free service like Branch.io (full disclosure: I'm on the team)

Alex Bauer
  • 13,147
  • 1
  • 27
  • 44
  • using Branch.io is not recommendation for my use case. I posted this same question on google plus community and Ian lake replied to that post and cleared my confusion. [Post](https://plus.google.com/+aftabsikander/posts/hmSKCBA6zAQ) – Aftab Ali Jun 09 '16 at 05:54