Android/React Native Deep Linking: Why are duplicate redirect options being displayed to users?

Our React Native Android wellness app asks for authorization for users’ Garmin data to track their steps and fitness. Garmin uses the OAuth 1.0 protocol, so after the user authorizes our app’s access, we need to redirect back to our app to process the oauth_verifier Garmin gives us in the redirect URL. When the user clicks to grant us access, a modal pops up with two options – both options show our app name and app logo. Only clicking on the second redirect option (labeled ‘Open in a different app’) triggers React Native Linking to process the full redirect URL and complete the OAuth 1.0 handshake. Screenshot of the bug

As recently as May, this process was working as designed. Not sure precisely when the bug behavior started, as we have very few Android users who wish to link their Garmin devices to the app.

This bug initially appeared this spring, and I was able to fix it by adding a host to the intent filter tags in our AndroidManifest.xml

<!--OAuth Garmin URI Scheme-->
            <intent-filter android:exported="true">
                <!--Redirecting back to app after authorizing-->
                <data android:scheme=com.wellnessapp.auth **android:host="garmin"**/>
                <action android:name="android.intent.action.VIEW" />
                <category android:name="android.intent.category.DEFAULT" />
                <category android:name="android.intent.category.BROWSABLE" />
            </intent-filter>

No other intents in the manifest use the com.wellnessapp.auth, and the only other location the string appears is in our build.gradle defaultConfig object, where manifestPlaceholders = [appAuthRedirectScheme: com.wellnessapp.auth]