Jared/cursor agent/long press warning

[JP0P]

CHANGELOG

Does this branch warrant an entry to the CHANGELOG?

• Yes
• No

Dependencies

none

Requirements

If you have made any visual changes to the GUI. Make sure you have:

• Tested on iOS device
• Tested on Android device
• Tested on small-screen device (iPod Touch)
• Tested on large-screen device (tablet)

---

• To see the specific tasks where the Asana app for GitHub is being used, see below:
  • https://app.asana.com/0/0/1211843114452190

[samholmes]

Review Summary

2 Critical Issues:

1. Android shortcuts won't open https URLs in browser (inconsistent with iOS implementation)
2. Unescaped & in Android strings.xml

4 Warnings: Inconsistent copy between platforms, double emoji on Android, different shortcut order, misleading "data loss" wording in changelog

5 Suggestions: UIApplicationShortcutItemType convention, Android icons, completion handler, code comments, localization support

See inline comments for details.

[samholmes]

Critical: Android shortcuts will not work — https URLs are not opened in the browser.

The iOS implementation in AppDelegate.swift intercepts https/http URLs and opens them directly in Safari:

if url.scheme == "https" || url.scheme == "http" {
  UIApplication.shared.open(url)
  return true
}

However, Android has no equivalent native handling. The intent sends the URL to MainActivity, which passes it through React Native's Linking → parseDeepLink → launchDeepLink. The 'other' case tries to parse it as a wallet URI, fails, and shows "No wallet for this URI" toast.

Recommended fix (consistent with iOS): Add native Android handling in MainActivity to open https/http shortcut URLs in the browser before they reach React Native. This matches the iOS pattern where https URLs bypass parseDeepLink.

---

Alternative design consideration: If the preference is to have parseDeepLink be the central handler for all intent URIs, the fix would instead be:

1. Update the 'other' case in DeepLinkingActions.tsx to open unrecognized https URLs in the browser as a fallback (similar to linkReferralWithCurrencies which already does if (parsed.type === 'other') await Linking.openURL(uri))
2. Update iOS AppDelegate.swift to pass https URLs through RCTLinkingManager instead of opening them directly

This would centralize URL handling logic in one place (the deep link infrastructure) rather than having platform-specific native handling.

[samholmes]

Critical: Unescaped ampersand in XML.

In XML, & must be escaped as &. An unescaped & can cause parse errors or unexpected behavior.

Fix:

<string name="shortcut_do_not_uninstall_long">⚠️ Login requires 2FA &amp; credentials!</string>

[samholmes]

Warning: Inconsistent copy between platforms.

Platform	Contact Support (long)
Android	"Contact support for help from a live agent"
iOS	"Get help from our live support agents"

Same feature with different wording can be confusing for localization and UX.

Recommendation: Pick one and use it on both platforms.

[samholmes]

Warning: Double emoji on Android vs single on iOS.

• Android short: "⚠️ Save 2FA First!"
• Android long: "⚠️ Login requires 2FA & credentials!"
• iOS title: "⚠️ Save 2FA First!"
• iOS subtitle: "Login requires 2FA & credentials!" (no emoji)

Android uses ⚠️ in both labels; iOS only in the title. The double emoji on Android can feel redundant.

Recommendation: Remove ⚠️ from the Android long label to match iOS.

[samholmes]

Warning: Shortcut order differs between platforms.

• iOS: 2FA warning first, Contact Support second
• Android: Contact Support first, 2FA warning second

If the order is intentional for platform UX, add a comment explaining the rationale. Otherwise, align for consistency.

[samholmes]

Suggestion: UIApplicationShortcutItemType is typically an identifier (e.g. com.edge.app.contact_support), not a full URL.

Storing URLs there works, but it mixes identity with data. Consider using a type like contact_support and passing the URL via userInfo for clearer separation. The handleShortcutItem function would then switch on the type and look up the URL.

[samholmes]

Suggestion: Both Android shortcuts use the same app launcher icon (@mipmap/ic_launcher), making them visually identical.

iOS uses distinct SF Symbols (nosign and message.fill) for each shortcut. Consider using different icons for Android too to improve shortcut recognition and UX.

[samholmes]

Suggestion: UIApplication.shared.open has a completion handler that could help with debugging or analytics.

UIApplication.shared.open(url, options: [:]) { success in
  if !success {
    // Log or handle failure
  }
}

Not critical, but could be useful for future troubleshooting.

[samholmes]

Suggestion: Consider adding a brief comment explaining why shortcut handling is deferred.

The pattern of storing pendingShortcutItem and handling it after React Native setup is useful but not immediately obvious. A comment like:

// Shortcut actions are deferred until React Native is fully initialized
private var pendingShortcutItem: UIApplicationShortcutItem?

would clarify the intent for future readers.

[samholmes]

Localization: These shortcut strings are hardcoded in English only.

The app supports 13 locales via React Native (src/locales/strings/*.json), but these native shortcuts won't be translated.

Recommendation: Use InfoPlist.strings for localization:

1. Create ios/edge/en.lproj/InfoPlist.strings:

SHORTCUT_UNINSTALL_TITLE = "⚠️ Save 2FA First!";
SHORTCUT_SUPPORT_TITLE = "Contact Support";

2. Create locale-specific .lproj folders (e.g., es.lproj, de.lproj) with translated strings.

3. Update Info.plist to use the keys instead of hardcoded strings.

Similarly for Android, add values-es/strings.xml, values-de/strings.xml, etc.

This could be deferred to a follow-up PR, but should at least be documented as a known limitation.