Trusted web activity - Digital assets link validation for intranet/private web app seem to be failing

Question

I've followed this doc to

1. Create a wrapper Android app based on this sample project for my UI application which runs in non-public domain in our corporate servers.
2. Add assetlinks.json in my Angular 6 PWA application, with SHA256 fingerprints of my release key.
3. Deployed the signed apk to a Android 4.4.3 device running Chrome Dev 69 and Google play services - 12.8.74.

When I run the application, everything works fine except hiding the address bar, which makes it as a regular custom tab and not the "Trusted web" content.

I don't see any error in the log and not sure how to debug this scenario. Any help on this is appreciated.

Answer 1

Got confirmation from Chrome team that they are using TWA assets link validation in server side using an API call and so this solution wont work for Private web apps. Said that, they are also considering to move that logic to browser to support this use case. Will update here when I have any update on this.

Update: As of Chrome Version 72, TWA(Trusted web activity) if available in Chrome stable version and the web asset validation(to make sure the web page is yours/same as the app its loaded to) happens in browser. So this solution can be implemented for private web apps for hosting inside enterprise environment.

Also, now PWAs can be packed as regular app using TWA solution and uploaded to Play store as an apk file. Documentation on this is still being updated as per one of Chrome developer. But the solution as such is ready for use.