The thing that stands out to me is that desktop shows a dialog before redirecting the user to an external application. On Android, we do it without any UI that would allow the user to decide whether they wanted to leave Chrome.
While I think requiring a user gesture is the right thing to do, it seems even more important on Android when Chrome is not prompting with any such UI.
To me, it seems very much in line with popup blocking, and I wonder if we should be treating it as such across all platforms.
My fix is indeed a quick one to prevent a particularly bad scenario on Android (since we are auto redirecting users), but there are a few cases that my change is indeed preventing. Should we carry user gestures across iframe navigations (like Android does for main frame navigations)? When we block a navigation on Android, all we do is log something to the console saying "navigation to blah is blocked". Should we be doing more?
In general, navigations in Android are more likely to result in jumping to a native app by the nature of Android's design (intent-filters based on URLs and not explicit non-web-y schemes). Blocking external navigations on non-https URLs will be a particularly hard sell on Android as I suspect that would break much of the Android intent ecosystem.
- Ted