Chrome/Chromium Android Web Intents decision logic
Alex
Hi everyone,
I’m new to Chromium and currently studying specific components of it for a university web-security seminar. Because the codebase is quite large, I’m hoping someone can point me to the relevant areas.
Specifically, I’m trying to understand where Chromium decides whether an action counts as a “user activation” in the context of Android intent URI handling (e.g., clicking a link like: intent://scan/#Intent;scheme=exampleapp;package=com.example.app;end. As far as I know Chrome on Android will allow this navigation if it was triggered by a genuine user gesture (e.g., a tap), but if it is triggered by script without prior user interaction, Chrome either blocks it or shows a confirmation dialog. My goal is to analyze which input events qualify as transient user activation and how this feeds into the intent-launching logic.
So far, from online documentation, I found that events such as click, keydown/keyup, touchstart/touchend contribute to user activation, while others do not. However, I would like to confirm this by finding the actual decision logic in the source code.
Could someone point me to the part of the Chromium/Chrome for Android codebase where:
-
User gestures / user activation are detected and recorded, and
-
The navigation / intent-launching code check that a user gesture truly happend
I hope my question is formulated clearly.
Any pointers to the right directories or files would be greatly appreciated.
Thanks in advance!