问题:

I am trying to understand at a little bit lower level how Android Instant Applications work, as well as analyse a bit the security aspect. I know you create an app, it has its modules and activities, and you need to specify an URL entry-point for each feature module. Now, I have my application, I have my link, I browse to it. Two questions here:

1) How does Android, my browser, DNS, whatever parses that link, know that it's not a normally browsable internet link, but that it's actually an instant app and and should open it like an instant app using the android framework, download base and feature modules, isntant-compilation, etc. ?

2) What does it actually do after it understands it's an instant app? What calls are made? WHERE exactly is the application contained? We start from the browser we use to search and find that link, after that? Is it contained in that browser's sandbox? Does it create a new container for that app? From a security perspective, this information would be quite important and interesting.

How can I gather more info about all this? Are there any tools that allow me to see into these load procedures? Any link to some extra documentation or knowledge of how this particular aspect of android works?

I suspect there won't be much public info because even though they were introduced in the end of 2016, Instant Apps is still a very new and explored feature, but that's exactly what I'm working on. If there is anything that can allow me to see what's going on, tools, debuggers, stuff I don't even know it exists, please let me know.