I was just about to go through different ressources of "Android Deeplink". Here i have a question regarding the security of it.
As i understood i can create an intent-filter, lets say for www.myapp.de/goto. This will put a user into my app, if he clickes a link.
As well i am the owner of www.myapp.de.
How can a different developer be prevented from using a deeplink in his app, opening his app, even if the domain is mine?
So in this case i could register an intent-filter for www.google.de/open/ which will cause android to open my developed app?
This makes no sense to me. What am i getting wrong about deeplinks.
Other developers can create a deep link for your URL and there is nothing you can do about it.
If multiple apps can handle the same URL as a deep link, the android OS will ask users with which apps they want to open it.
You can upgrade a deeplink to an app link. You can upload the public signature of your app to your URL. This way android can verify the owner of a deep link URL.
Apps that use app links will automatically open a URL for a verified URL. Therefore they will be the preferred option even if other apps are installed that handle the same URL.