Improvement Request: Track Deep Linking vs. Credential Sharing in `assetlinks.json`

[tsunoyu]

Improvement Request: Track Deep Linking vs. Credential Sharing in assetlinks.json

Currently, the custom metric for /.well-known/assetlinks.json at https://github.com/HTTPArchive/custom-metrics/blob/main/dist/well-known.js simply checks for the presence of the file. However, it would be valuable to gather more granular data about how websites are using this file, specifically regarding the types of relationships declared.

Proposed Improvement:

Track the usage of the two predefined relation strings within the assetlinks.json file (as documented at https://developers.google.com/digital-asset-links/v1/relation-strings):

• delegate_permission/common.handle_all_urls (Deep Linking): Indicates that the associated Android app can handle all URLs from the website, enabling deep linking functionality.
• delegate_permission/common.get_login_creds (Credential Sharing): Allows the app to access the user's login credentials stored for the website.

Benefits of Tracking This Data:

• Understand Deep Linking Adoption: Measure the prevalence of deep linking across the web and identify trends in its usage.
• Monitor Credential Sharing Practices: Gain insights into how often websites allow apps to access user credentials, potentially highlighting security and privacy considerations.
• Provide More Granular Reporting: Enable more detailed analysis and reporting in the Web Almanac, offering a deeper understanding of how websites utilize assetlinks.json.

Implementation Suggestion:

Modify the existing parseResponse function in well-known.js to specifically parse the assetlinks.json file and count the occurrences of each predefined relation string. This could be achieved by incorporating logic similar to the following:

fetch('/.well-known/assetlinks.json')
  .then(response => response.json())
  .then(data => {
    let deepLinkingCount = 0;
    let credentialSharingCount = 0;
    data.forEach(statement => {
      if (statement.relation === 'delegate_permission/common.handle_all_urls') {
        deepLinkingCount++; 
      } else if (statement.relation === 'delegate_permission/common.get_login_creds') {
        credentialSharingCount++;
      }
    });
    // Include these counts in the output JSON
  });

[tunetheweb]

SGTM. We already have other well-known URLs that return additional meta data.

Do you fancy submitting a PR with some example sites so the CI can test your changes?

[tsunoyu]

Thanks for the quick feedback! I've submitted a pull request (#152) with the proposed changes and included a few example sites for testing.

Would you be able to take a look when you have a chance?