Digital Asset for App Linking for App target statement list android manifest

Question

Hey Guys I was going through deep link implementation documentations, It's written that "In an Android app, the statement list is a JSON snippet with the same syntax as a website statement file, but it is embedded in the strings.xml file"

Example for Statement list which is published on Server

Here is an example statement list on a website: http://example.digitalassetlinks.org/.well-known/assetlinks.json

My question is that do I have to put my sha256_cert_fingerprints in string resource file, If I have to then fingerprints would be accessible after an APK is decompiled and this may lead to major security concern.

Answer 1

Based on the examples further down that same page, it appears the fingerprints are only necessary on the server file.

However, if you are simply trying implement AppLinks, that guide is fairly confusing. I'd suggest either following the main AppLinks guide or even trying a free service like Branch.io (full disclosure: I'm on the team)