[Proposal] Reviving Get Installed Related Apps

The original thread was created a few years ago here.

The API ran as an experiment in Chrome, and now the spec is being finalized and reviewed.

Useful links:

Inline Explainer:

Get Installed Related Apps API

Abstract

As the capabilities of the web grow, the functionality of web apps begins to match that of corresponding native apps. The situation of users having a web app and the corresponding native app both installed on the same device will become more common, and the feature sets of these apps will converge.

It is important to allow apps to detect this situation to allow them to disable functionality that should be provided by the other app.

The GetInstalledRelatedApps API allows web apps to detect if related native apps are installed on the current device.

Querying the installed local apps that specify the website.

From an async function:

const listOfInstalledApps = await navigator.getInstalledRelatedApps();
for (const app of listOfInstalledApps) {
  // These fields are specified by the Web App Manifest spec.
  console.log('platform:', app.platform);
  console.log('url:', app.url);
  console.log('id:', app.id);

  // This field is provided by the UA.
  console.log('version:', app.version);
}

Describing a relationship from native application to website (and vice versa)

This API is being developed with the assumption that a system exists to create associations from applications to web applications.

We can define relationships between a web application and other applications by using the “related_applications” member of the web application manifest.

Example:

{
  "related_applications": [
    {
      "platform": "play",
      "url": "https://play.google.com/store/apps/details?id=com.example.app1",
      "id": "com.example.app1",
      "min_version": "2",
      "fingerprints": [
        {
          "type": "sha256_cert",
          "value": "92:5A:39:05:C5:B9:EA:BC:71:48:5F:F2"
        }
      ]
    },
    {
      "platform": "itunes",
      "url": "https://itunes.apple.com/app/example-app1/id123456789"
    }
  ]
}

Each platform has its own method of verifying a relationship. In Android, the Digital Asset Links system can be used to define an association between a website and an application. If the application is installed locally and defines an association with the requesting web application, we return the app as defined in the “related_applications” member.

Privacy Considerations

This feature only works with sites using HTTPS. This ensures that the website cannot be spoofed, and that the association between the site and application is valid.

The association between the web app and its counterpart is bidirectional, meaning that the web app has to declare its association with the related app, and the related app has to declare its association with the web app. This prevents malicious websites from fingerprinting users and getting a list of their installed applications.

The User Agent should return no installed applications when running in a privacy preserving mode, for example Incognito in Chrome or Private Browsing in Firefox.

I note the issue #1 opened in response to @martinthomson’s comment is still un-commented on (privacy/etc). Is this now addressed? “Being finalized and reviewed” - where, and who is doing so?

I didn’t go through the really old topics since they are out of date. I’ll sweep through those to close them out at some point.

It’s worth mentioning that the counterpart of this spec already lives in the Manifest spec, which is authored by Marcos, the person who gave the feedback.

I’m writing the spec because it’s long overdue, and here is the TAG review issue.