LLMpediaThe first transparent, open encyclopedia generated by LLMs

Trusted Web Activity

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Progressive Web App (packaging) Hop 4
Expansion Funnel Raw 120 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted120
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Trusted Web Activity
NameTrusted Web Activity
DeveloperGoogle
PlatformAndroid
Released2018
LicenseApache License

Trusted Web Activity

Trusted Web Activity enables Android applications to display full-screen web content using Chrome without visible browser UI. It bridges Progressive Web Apps and native Android through the Android SDK, Chrome, and web standards, facilitating experiences like offline caching and push notifications.

Overview

Trusted Web Activity integrates the Android SDK, Google Chrome, Chromium project, Android Open Source Project, Progressive Web App, Web App Manifest, Service Worker, HTTPS, App Store, Google Play Services, Android Jetpack, Firebase, Firebase Cloud Messaging, Material Design, Kotlin (programming language), Java (programming language), Android Studio, WebAPK, Digital Asset Links, OAuth 2.0, TLS, Let’s Encrypt, Content Security Policy, HTTP/2, Web Push, IndexedDB, Web Storage, Manifest V3, Blink (browser engine), V8 (JavaScript engine), AMP (Accelerated Mobile Pages), React (JavaScript library), Angular (web framework), Vue.js, Polymer (library), Ionic (framework), Flutter (software development kit), PWA Summit, Google I/O, Mozilla, Microsoft, Apple Inc., Samsung Electronics, NortonLifeLock, Cloudflare, Akamai, Fastly, Service Workers Community Group, WHATWG, W3C.

Architecture and Components

The architecture connects Android's Android Runtime, Android Support Library, AndroidX, Custom Tabs, WebView, Chrome Custom Tabs, Intent (Android), Activity (Android), Fragment (Android), APK, Bundle (Android), Gradle (software), AndroidManifest.xml, Keystore (Android), Signing (software), Digital Asset Links protocol, Origin-Bound Tokens, Certificate Transparency, X.509, Public Key Infrastructure to web assets served from Content Delivery Network providers like Akamai and Cloudflare, using origins validated by Digital Asset Links and served over HTTPS with HSTS. Components include the launching Intent from a host Activity (Android), a Chrome-backed rendering surface from Chromium project, asset integrity checks similar to Subresource Integrity, and background sync powered by Service Worker and Firebase Cloud Messaging.

Security and Permissions

Security relies on origin-bound verification using Digital Asset Links, X.509, TLS 1.3, Certificate Transparency, and the Chrome sandbox from Chromium project. Permissions model interplays with Android permissions model, Scoped Storage, Runtime permission prompts introduced in Android 6.0 (Marshmallow), Google Play policies, and user consent patterns seen in OAuth 2.0 flows. Trusted Web Activity sessions inherit Chrome's process isolation and same-origin enforcement implemented by V8 (JavaScript engine), Site Isolation, and Content Security Policy directives recommended by W3C. Deployment requires correct Android keystore signing and configuration of Digital Asset Links hosted on a domain controlled via DNS providers like GoDaddy, Amazon Route 53, Cloudflare, or Google Domains.

Development and Implementation

Developers integrate with Android tooling including Android Studio, Gradle (software), Kotlin (programming language), Java (programming language), and AndroidX libraries such as Browser (AndroidX) and Lifecycle (AndroidX). The common workflow involves building a Progressive Web App with toolchains like Webpack, Babel, ESLint, npm, Yarn (package manager), Node.js, framework integrations for React (JavaScript library), Angular (web framework), Vue.js, or Ionic (framework), testing with Lighthouse (tool), Selenium, Puppeteer, and deploying via CI/CD systems like Jenkins, GitHub Actions, GitLab CI, Travis CI, or CircleCI. Implementation requires setting up Digital Asset Links JSON on HTTPS origins, configuring intents and activity entries in AndroidManifest.xml, signing with Android Keystore, and validating behavior across browsers including Google Chrome, Microsoft Edge, Brave (web browser), and Samsung Internet.

Use Cases and Adoption

Use cases include news experiences for organizations like The Washington Post, The New York Times, BBC, e-commerce for companies like Amazon (company), eBay, and social platforms analogous to Twitter integrations. Enterprises use Trusted Web Activity for hybrid apps in industries served by Salesforce, SAP SE, Oracle Corporation, and Adobe. Adoption is common among development teams familiar with Progressive Web App patterns, and organizations showcased at events like Google I/O and Chrome Dev Summit have demonstrated retail, media, and productivity examples.

Limitations and Criticism

Criticism centers on dependence on Google Chrome and the Chromium project for rendering, potentially disadvantaging ecosystems dominated by Apple Inc.'s WebKit and Safari (web browser), and concerns over app store policies like those of Google Play and Apple App Store. Other limitations include the need for correct Digital Asset Links setup, complex offline strategies compared to native SDKs such as Flutter (software development kit), and challenges with deep device integration handled by APIs from Android Open Source Project versus native frameworks. Privacy advocates cite reliance on browser telemetry from Google Chrome and centralization around large CDN providers like Akamai and Cloudflare.

Category:Android (operating system)