0

I am trying to understand at a little bit lower level how Android Instant Applications work, as well as analyse a bit the security aspect. I know you create an app, it has its modules and activities, and you need to specify an URL entry-point for each feature module. Now, I have my application, I have my link, I browse to it. Two questions here:

1) How does Android, my browser, DNS, whatever parses that link, know that it's not a normally browsable internet link, but that it's actually an instant app and and should open it like an instant app using the android framework, download base and feature modules, isntant-compilation, etc. ?

2) What does it actually do after it understands it's an instant app? What calls are made? WHERE exactly is the application contained? We start from the browser we use to search and find that link, after that? Is it contained in that browser's sandbox? Does it create a new container for that app? From a security perspective, this information would be quite important and interesting.

How can I gather more info about all this? Are there any tools that allow me to see into these load procedures? Any link to some extra documentation or knowledge of how this particular aspect of android works?

I suspect there won't be much public info because even though they were introduced in the end of 2016, Instant Apps is still a very new and explored feature, but that's exactly what I'm working on. If there is anything that can allow me to see what's going on, tools, debuggers, stuff I don't even know it exists, please let me know.

Emilian Cebuc
  • 331
  • 4
  • 20
  • 1
    As you said there's not a lot of documentation or complex explanations about this feature, but I found a really insteresting post about Instant Apps, **Introduction to Instant Apps by Tomino Fekiac** [Part 1](https://medium.com/inloopx/android-instant-apps-part-1-ba568d85a888) [Part 2](https://medium.com/inloopx/android-instant-apps-part-2-7bebb74fa7bb) [Part 3](https://medium.com/inloopx/android-instant-apps-part-3-8ba15794f81) . Hope you can find some value information here. – GonzaloPani Aug 09 '18 at 07:16
  • Thanks a lot for that, but unfortunately except for a small section in the Part 2, most of that info couldn't help me as it is still fairly high level and public/known. But I appreciate the help, it's just that I'm trying to figure out what happens even deeper – Emilian Cebuc Aug 10 '18 at 09:29
  • It knows it is an IA because it will check the link against its web domain's assetlinks.json, then look up the app package name defined there and see if it has an IA that supports this link. It does have a sandbox of sorts since something needs to verify and proxy the api/connections it is calling. – TWL Aug 10 '18 at 15:52
  • @TWL do you have any reference for that where I could read more about it? – Emilian Cebuc Aug 13 '18 at 09:10
  • No, nothing that goes deeper than this, these are my deductions based off of my experience with instant apps. =) – TWL Aug 14 '18 at 00:29

0 Answers0