HWHeat Waves
    DashboardUtforsk
    Analyse
    Data Kilder
      • Android Twa Packaging
      • Personvernregler
    • Design Rationale
    • Doc Map
    DocsSettings
    DashboardAtlasUtforsk
    Analyse
    Data Kilder
    1. Documentation
    2. Legal
    3. Android packaging — Trusted Web Activity (HeatWaves)

    Android packaging — Trusted Web Activity (HeatWaves)

    How to package heatwaves.no as a Play Store AAB using a TWA, with no extra SDKs or permissions.

    Android packaging — Trusted Web Activity

    HeatWaves is a full web app on heatwaves.no. The recommended Play Store path is a Trusted Web Activity (TWA): a thin Android shell that opens the live site in the device's Chrome engine, without browser chrome. This keeps a single codebase, adds essentially no new data collection, and requires only network access.

    flowchart LR AAB["AAB no.heatwaves.app"] --> TWA["Trusted Web Activity shell"] TWA --> Chrome["Device Chrome engine"] Chrome --> Web["heatwaves.no (Next.js)"]

    Why TWA (not WebView or native)

    OptionVerdictWhy
    TWA (Bubblewrap / PWABuilder)RecommendedNo duplicate codebase, Google-supported, minimal permissions (network only), full Chrome fidelity.
    Generic WebView APKAvoidExtra shell code, weaker fidelity, easy to accidentally pull in SDKs/permissions.
    Capacitor / React NativeDeferOnly needed for native APIs (push, files, biometrics) — overkill for an analytics dashboard.

    Prerequisites

    1. Web manifest — app/manifest.ts (Next.js Metadata API; served at /manifest.webmanifest). Launcher icons are committed PNGs in public/icons/ (icon-192x192.png, icon-512x512.png; source artwork hw-logo.png).
    2. Digital Asset Links — public/.well-known/assetlinks.json on production (replace placeholder SHA-256 with Play App Signing fingerprint). See vercel-production-setup.md for deploy order.
    3. Bubblewrap project — android/ in this repo:
      • applicationId: no.heatwaves.app
      • host: www.heatwaves.no (apex heatwaves.no redirects to www on Vercel)
      • enableNotifications: false
      • launcher name: HeatWaves
    4. Vercel env — set NEXT_PUBLIC_SITE_URL=https://heatwaves.no in production (see vercel-production-setup.md).

    Deploy order

    1. Deploy assetlinks.json to production so it is live at https://www.heatwaves.no/.well-known/assetlinks.json.
    2. Build the signed AAB with Bubblewrap (local or GitHub Actions Android TWA AAB).
    3. Upload app-release-bundle.aab to Play Console — not the unsigned Gradle output under app/build/outputs/bundle/release/app-release.aab.
    4. Verify the published app opens with no address bar (confirms asset link validation).

    Build output (what to upload)

    Bubblewrap signs the bundle after Gradle. The Play-ready file is:

    FileSignedUpload to Play
    android/app-release-bundle.aabYes (upload key)Use this
    android/app/build/outputs/bundle/release/app-release.aabNoNever upload

    GitHub Actions artifact heatwaves-release-aab contains the signed app-release-bundle.aab. CI also runs jarsigner -verify before upload.

    See android/README.md for local build and secrets.

    Permissions and SDK rule

    A correctly configured Bubblewrap TWA requests only network access (INTERNET). Do not add ad SDKs, analytics SDKs, Firebase, location, contacts, camera, or microphone to the shell. All data processing stays in the web app and is already described in personvernregler.md.

    Before upload, confirm the AAB's declared permissions are network-only. If the manifest shows anything beyond network access, remove the offending dependency from the shell.

    Keeping it consistent

    • The TWA shows the same privacy policy at https://heatwaves.no/personvern, so no separate Android policy is needed.
    • If you ever add native capabilities (push notifications, file access), update both personvernregler.md and the Play play-console-checklist.md Data safety answers first.