Skip to content

Track Deep Linking vs. Credential Sharing in assetlinks.json #152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rviscomi merged 9 commits into from
Jan 28, 2025
Merged

Track Deep Linking vs. Credential Sharing in assetlinks.json #152

rviscomi merged 9 commits into from
Jan 28, 2025

Conversation

@tsunoyu
Copy link
Contributor

@tsunoyu tsunoyu commented Jan 16, 2025
edited by tunetheweb
Loading

Resolved: #151

This custom metric enhancement tracks the usage of the two predefined relation strings in assetlinks.json:

  • delegate_permission/common.handle_all_urls (Deep Linking): Indicates the associated Android app can handle all URLs from the website, enabling deep linking functionality.
  • delegate_permission/common.get_login_creds (Credential Sharing): Allows the app to access the user's login credentials stored for the website.

By tracking these relationships, we can gain valuable insights into how websites are utilizing assetlinks.json and identify trends in deep linking and credential sharing practices.

Changes:

  • Modified the parseResponse function to count occurrences of the two relation strings and include the counts in the output JSON.
  • Added deep_linking and credential_sharing fields to the JSON output for /.well-known/assetlinks.json.

Test websites:

@tsunoyu tsunoyu mentioned this pull request Jan 16, 2025
Closed
tunetheweb
tunetheweb approved these changes Jan 16, 2025
View reviewed changes
Copy link
Member

@tunetheweb tunetheweb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@tunetheweb
Copy link
Member

tunetheweb commented Jan 16, 2025

Will merge this next week, since we're mid crawl at the moment.

@github-actions
Copy link

github-actions bot commented Jan 16, 2025

https://almanac.httparchive.org/en/2022/

WPT result details

Changed custom metrics values:

{
  "_well-known": {
    "/.well-known/assetlinks.json": {
      "found": false
    },
    "/.well-known/apple-app-site-association": {
      "found": false
    },
    "/.well-known/related-website-set.json": {
      "found": false
    },
    "/.well-known/privacy-sandbox-attestations.json": {
      "found": false
    },
    "/.well-known/gpc.json": {
      "found": false
    },
    "/robots.txt": {
      "found": true,
      "data": {
        "matched_disallows": {}
      }
    },
    "/.well-known/security.txt": {
      "found": false,
      "data": {
        "status": 404,
        "redirected": true,
        "url": "https://almanac.httparchive.org/.well-known/security.txt/",
        "content_type": "text/html; charset=utf-8"
      }
    },
    "/.well-known/change-password": {
      "found": false,
      "data": {
        "status": 404,
        "redirected": true,
        "url": "https://almanac.httparchive.org/.well-known/change-password/"
      }
    },
    "/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/": {
      "found": false,
      "data": {
        "status": 404,
        "redirected": false,
        "url": "https://almanac.httparchive.org/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/"
      }
    }
  }
}
https://www.on.com

WPT result details

Changed custom metrics values:

{
  "_well-known": {
    "/.well-known/assetlinks.json": {
      "found": true,
      "data": {
        "deep_linking": false,
        "credential_sharing": false
      }
    },
    "/.well-known/apple-app-site-association": {
      "found": true
    },
    "/.well-known/related-website-set.json": {
      "found": false
    },
    "/.well-known/privacy-sandbox-attestations.json": {
      "found": false
    },
    "/.well-known/gpc.json": {
      "found": false
    },
    "/robots.txt": {
      "found": true,
      "data": {
        "matched_disallows": {
          "*": [
            "/account",
            "/authentication",
            "/account-confirmation"
          ]
        }
      }
    },
    "/.well-known/security.txt": {
      "found": true,
      "data": {
        "status": 200,
        "redirected": true,
        "url": "https://www.on.com/en-us/.well-known/security.txt",
        "content_type": "text/html;charset=utf-8",
        "signed": false,
        "all_required_exist": false,
        "only_one_requirement_broken": false,
        "valid": false
      }
    },
    "/.well-known/change-password": {
      "found": true,
      "data": {
        "status": 200,
        "redirected": true,
        "url": "https://www.on.com/en-us/.well-known/change-password"
      }
    },
    "/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/": {
      "found": true,
      "data": {
        "status": 200,
        "redirected": true,
        "url": "https://www.on.com/en-us/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/"
      }
    }
  }
}
https://www.amazon.co.jp

WPT result details

Changed custom metrics values:

{
  "_well-known": {
    "/.well-known/assetlinks.json": {
      "found": true,
      "data": {
        "deep_linking": false,
        "credential_sharing": false
      }
    },
    "/.well-known/apple-app-site-association": {
      "found": true
    },
    "/.well-known/related-website-set.json": {
      "found": false
    },
    "/.well-known/privacy-sandbox-attestations.json": {
      "found": false
    },
    "/.well-known/gpc.json": {
      "found": false
    },
    "/robots.txt": {
      "found": true,
      "data": {
        "matched_disallows": {
          "*": [
            "/exec/obidos/account-access-login",
            "/exec/obidos/dt/assoc/handle-buy-box",
            "/exec/obidos/flex-sign-in",
            "/exec/obidos/refer-a-friend-login",
            "/exec/obidos/subst/associates/join",
            "/gp/sign-in",
            "/ap/signin",
            "/exec/obidos/account-access-login",
            "/exec/obidos/dt/assoc/handle-buy-box",
            "/exec/obidos/flex-sign-in",
            "/exec/obidos/refer-a-friend-login",
            "/exec/obidos/subst/associates/join",
            "/gp/sign-in",
            "/ap/signin",
            "/gp/video/auth"
          ]
        }
      }
    },
    "/.well-known/security.txt": {
      "found": true,
      "data": {
        "status": 200,
        "redirected": false,
        "url": "https://www.amazon.co.jp/.well-known/security.txt",
        "content_type": "text/plain",
        "signed": false,
        "contact": [
          "https://hackerone.com/amazonvrp/reports/new"
        ],
        "policy": [
          "https://hackerone.com/amazonvrp"
        ],
        "hiring": [
          "https://www.amazon.jobs/en/teams/infosec"
        ],
        "all_required_exist": false,
        "only_one_requirement_broken": false,
        "valid": false
      }
    },
    "/.well-known/change-password": {
      "found": false,
      "data": {
        "status": 404,
        "redirected": false,
        "url": "https://www.amazon.co.jp/.well-known/change-password"
      }
    },
    "/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/": {
      "found": false,
      "data": {
        "status": 404,
        "redirected": false,
        "url": "https://www.amazon.co.jp/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/"
      }
    }
  }
}
https://www.libero.it

WPT result details

Changed custom metrics values:

{
  "_well-known": {
    "/.well-known/assetlinks.json": {
      "error": "Failed to fetch"
    },
    "/.well-known/apple-app-site-association": {
      "error": "Failed to fetch"
    },
    "/.well-known/related-website-set.json": {
      "found": true
    },
    "/.well-known/privacy-sandbox-attestations.json": {
      "error": "Failed to fetch"
    },
    "/.well-known/gpc.json": {
      "error": "Failed to fetch"
    },
    "/robots.txt": {
      "found": true,
      "data": {
        "matched_disallows": {}
      }
    },
    "/.well-known/security.txt": {
      "error": "Failed to fetch"
    },
    "/.well-known/change-password": {
      "error": "Failed to fetch"
    },
    "/.well-known/resource-that-should-not-exist-whose-status-code-should-not-be-200/": {
      "error": "Failed to fetch"
    }
  }
}

@rviscomi rviscomi merged commit fa75f28 into HTTPArchive:main Jan 28, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tunetheweb tunetheweb tunetheweb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improvement Request: Track Deep Linking vs. Credential Sharing in assetlinks.json

3 participants

@tsunoyu @tunetheweb @rviscomi