4

I define my app links as follows in AndroidManifest.xml:

<intent-filter android:autoVerify="true">
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <category android:name="android.intent.category.DEFAULT"/>

    <data android:host="mysite.com" android:scheme="http"/>
    <data android:host="mysite.com" android:scheme="https"/>
    <data android:host="www.mysite.com" android:scheme="http"/>
    <data android:host="www.mysite.com" android:scheme="https"/>
</intent-filter>

The app correctly detects URLs from the host correctly but prompts if the user would like to open them in the application or the browser because verification fails as seen in the Android monitor console:

01-17 15:44:28.847 7084-30015/? I/IntentFilterIntentSvc: Verifying IntentFilter. verificationId:2 scheme:"https" hosts:"mysite.com www.mysite.com" package:"com.site.myapp.android.flavor".
01-17 15:44:29.821 7084-30015/? I/IntentFilterIntentSvc: Verification 2 complete. Success:false. Failed hosts:mysite.com,www.mysite.com.

My assetlinks.json file is located at mysite.com/.well-known/assetlinks.json and contains the correct package name and SHA256 hash. It is also accessible via http and https. I have verified the SHA hash matches that from the keystore by extracting the CERT.RSA file from the APK and using keytool -printcert -file CERT.RSA

I have tried calling https://digitalassetlinks.googleapis.com/v1/statements:list?source.web.site=https://domain1:port&relation=delegate_permission/common.handle_all_urls as well as using the google site Statement List Tester and both return OK.

I am using a Nexus device running Android 7 for testing.

According to the documentation I have done everything required for app linking to work. Is there anything else that I can check?

My server is running IIS on Windows 7, I have already added application/json as a mimetype in the IIS and web.config files. Could it be failing because I am using a self-signed SSL certificate?

EDIT: SingleHostAsyncVerifier also logs the verification failing. (replaced mysite with example and SHA hash)

01-17 15:44:29.817 7084-30017/? I/SingleHostAsyncVerifier: Verification result: checking for a statement with source a <
a: "https://www.example.com"
>
, relation delegate_permission/common.handle_all_urls, and target b <
a: "com.mypackage.flavor"
b <
a: "(SHA256 hash)"
>
>
--> false.
01-17 15:44:29.820 7084-30016/? I/SingleHostAsyncVerifier: Verification result: checking for a statement with source a <
a: "https://example.com"
>
, relation delegate_permission/common.handle_all_urls, and target b <
a: "com.mypackage.flavor"
b <
a: "(SHA256 hash)"
>
>
--> false.
kira_codes
  • 1,457
  • 13
  • 38
  • 1
    Check the logcat with this tag: `SingleHostAsyncVerifier` – Simon Marquis Jan 18 '17 at 10:06
  • @SimonMarquis I just added it to the original question. It also shows the verification failure. – kira_codes Jan 18 '17 at 17:09
  • It's weird indeed. Quick checks: are you sure the sha matches? (debug builds vs release builds), is the file provided as `application/json`, is it json valid? – Simon Marquis Jan 18 '17 at 17:29
  • Even stranger, it states 2 verifications but you set 4 of them. Did you already tryed with a single one. – Simon Marquis Jan 18 '17 at 17:31
  • I just confirmed with Postman that it is being served as `application/json` and not `text/html`. I think the reason that there are only 2 verifications is because it attempts to verify site.com and www.site.com via https only. I tried with only one declaration and it still fails. I just verified that the SHA has in the apk generated in project/build/outputs/apk matches the one in the assetlinks.json file as well. – kira_codes Jan 18 '17 at 18:32
  • If I have to guess it's because I'm using a self-signed SSL certificate for development but it's not stated anywhere in the documentation that it would be an issue. – kira_codes Jan 18 '17 at 21:23
  • Yeah it might be this. The statement list tester tool should have spotted this though – Simon Marquis Jan 18 '17 at 21:50
  • I checked on a different host with a valid SSL certificate and it still fails verification. It is incredibly frustrating that the google logging doesn't provide more explanation. – kira_codes Jan 20 '17 at 17:39
  • Even with a single url? – Simon Marquis Jan 20 '17 at 17:41
  • yes. If I navigate to https://mysite/.well-known/assetlinks.json the browser shows that the connection is secure and there is not certificate warning. – kira_codes Jan 20 '17 at 18:39
  • but if I navigate there in Chrome for Android I do get a certificate warning. I guess verification fails because Google considers the cert untrusted for some reason. – kira_codes Jan 20 '17 at 18:51
  • Fair enough. Check chrome developer console on desktop to troubleshoot this certificate issue – Simon Marquis Jan 20 '17 at 18:52
  • Having similar issue with the valid SSL certificate, any other possibilities? – fen1ksss Oct 21 '19 at 16:13

1 Answers1

11

Although unmentioned in the app links documentation, app links require that the server have a valid SSL certificate from a public or trusted certificate authority. Self-signed certificates do not work.

After switching to a SSL certificate issued by https://www.thawte.com/ the app link verification completes successfully.

kira_codes
  • 1,457
  • 13
  • 38