Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improvement Request: Track Deep Linking vs. Credential Sharing in assetlinks.json #151

Open
tsunoyu opened this issue Jan 13, 2025 · 2 comments · May be fixed by #152
Open

Improvement Request: Track Deep Linking vs. Credential Sharing in assetlinks.json #151

tsunoyu opened this issue Jan 13, 2025 · 2 comments · May be fixed by #152

Comments

@tsunoyu
Copy link

tsunoyu commented Jan 13, 2025

Improvement Request: Track Deep Linking vs. Credential Sharing in assetlinks.json

Currently, the custom metric for /.well-known/assetlinks.json at https://github.com/HTTPArchive/custom-metrics/blob/main/dist/well-known.js simply checks for the presence of the file. However, it would be valuable to gather more granular data about how websites are using this file, specifically regarding the types of relationships declared.

Proposed Improvement:

Track the usage of the two predefined relation strings within the assetlinks.json file (as documented at https://developers.google.com/digital-asset-links/v1/relation-strings):

  • delegate_permission/common.handle_all_urls (Deep Linking): Indicates that the associated Android app can handle all URLs from the website, enabling deep linking functionality.
  • delegate_permission/common.get_login_creds (Credential Sharing): Allows the app to access the user's login credentials stored for the website.

Benefits of Tracking This Data:

  • Understand Deep Linking Adoption: Measure the prevalence of deep linking across the web and identify trends in its usage.
  • Monitor Credential Sharing Practices: Gain insights into how often websites allow apps to access user credentials, potentially highlighting security and privacy considerations.
  • Provide More Granular Reporting: Enable more detailed analysis and reporting in the Web Almanac, offering a deeper understanding of how websites utilize assetlinks.json.

Implementation Suggestion:

Modify the existing parseResponse function in well-known.js to specifically parse the assetlinks.json file and count the occurrences of each predefined relation string. This could be achieved by incorporating logic similar to the following:

fetch('/.well-known/assetlinks.json')
  .then(response => response.json())
  .then(data => {
    let deepLinkingCount = 0;
    let credentialSharingCount = 0;
    data.forEach(statement => {
      if (statement.relation === 'delegate_permission/common.handle_all_urls') {
        deepLinkingCount++; 
      } else if (statement.relation === 'delegate_permission/common.get_login_creds') {
        credentialSharingCount++;
      }
    });
    // Include these counts in the output JSON
  });
@tunetheweb
Copy link
Member

SGTM. We already have other well-known URLs that return additional meta data.

Do you fancy submitting a PR with some example sites so the CI can test your changes?

@tsunoyu tsunoyu linked a pull request Jan 16, 2025 that will close this issue
Open
@tsunoyu
Copy link
Author

tsunoyu commented Jan 16, 2025

Thanks for the quick feedback! I've submitted a pull request (#152) with the proposed changes and included a few example sites for testing.

Would you be able to take a look when you have a chance?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Track Deep Linking vs. Credential Sharing in assetlinks.json tsunoyu/custom-metrics
2 participants
@tunetheweb @tsunoyu