Implementing Android App Links with Digital Asset Links

It is common to use the terms deep link and app link interchangeably, but they represent different levels of technical sophistication in the Android ecosystem. Deep links are generic intent filters that allow any application to claim a URI pattern, which often leads to the user being prompted with multiple choices. They are easy to set up but offer zero security and a high-level of user friction.

App Links are a specialized type of deep link that are specifically verified against a web domain through an HTTPS-hosted JSON file. When a user installs an app with these verified links, the system attempts to download the verification file immediately to confirm the relationship. If the verification succeeds, the system registers the app as the default handler for those URLs without any user intervention.

Every extra tap required to reach a destination in a mobile app decreases the likelihood of a successful conversion. When a user clicks a promotional link in an email, they expect to land on the product page, not to be asked which browser or app they want to use. This decision point creates cognitive load and can confuse less tech-savvy users who may not understand why they are being asked.

Furthermore, if a malicious app claims your custom URI scheme, it could potentially intercept sensitive data by tricking users into opening the wrong application. App Links mitigate this security risk by requiring a digital signature check that a malicious actor cannot forge without access to your web server. This makes the verification process a security requirement as much as a user experience improvement.

The structure of the assetlinks file is intentionally minimal to reduce the chance of parsing errors by the Android system. Each entry in the array contains a relation field and a target field. The relation field typically specifies that the domain grants permission to open its links, while the target field identifies the app by its package name and SHA-256 certificate fingerprints.

1[
2  {
3    "relation": ["delegate_permission/common.handle_all_urls"],
4    "target": {
5      "namespace": "android_app",
6      "package_name": "com.production.fintech.app",
7      "sha256_cert_fingerprints": [
8        "EF:44:11:00:AA:BB:CC:DD:EE:FF:11:22:33:44:55:66:77:88:99:00:AA:BB:CC:DD:EE:FF:11:22:33:44:55:66"
9      ]
10    }
11  }
12]

Note that the sha256_cert_fingerprints field is an array, allowing a single package to be associated with multiple signing keys. This is particularly useful when transitioning from a legacy signing key to a new one or when using Google Play App Signing. If you use Google Play App Signing, you must use the fingerprint provided in the Google Play Console rather than your local upload key.

Generating the correct fingerprint is the most common point of failure for developers implementing App Links. You can extract this fingerprint from your keystore file using the Java Keytool utility provided with the Android SDK. It is vital to use the SHA-256 version of the fingerprint, as MD5 or SHA-1 hashes will be ignored by the Android verification engine.

If your app is already live, you can also use the Digital Asset Links API to inspect the current state of your domain's verification. This allows you to verify that your server is correctly hosting the file and that the JSON syntax is valid before you release an update to your users. Always double-check that there are no hidden characters or formatting issues in the JSON string that could cause a parsing failure.

Many large-scale applications operate across various subdomains, such as shop.example.com and blog.example.com. Each of these subdomains must be explicitly listed in the intent filter if you want the app to handle their specific paths. Remember that the Android system treats each unique host as a separate verification target that requires its own assetlinks.json file.

If you have a large number of subdomains, managing the verification files can become a logistical challenge. You should consider using a wildcard or a centralized redirection strategy on the web side, but ensure that the final destination of the .well-known path always returns the correct JSON. Consistency across all entry points is the key to maintaining a reliable deep linking experience for the user base.

Once the system verifies the link and opens your app, your activity must be prepared to parse the incoming URI and navigate to the correct screen. This usually involves extracting path segments or query parameters from the intent data. In the provided example, any URL starting with /transfer would be directed to the DeepLinkActivity, which would then extract the transaction ID.

A common pitfall is failing to handle scenarios where the app is already running in the background. You should ensure that your activity handles new intents properly by overriding the onNewIntent method. This prevents the system from creating multiple instances of the same activity and ensures a smooth transition within the app's internal navigation stack.

It is important to note that the behavior of App Links has evolved significantly across different Android versions. Starting with Android 12, the system has become much stricter about verification requirements. If verification fails for a domain on Android 12 or higher, the system will never show the disambiguation dialog; it will simply open the link in the browser by default.

This change makes successful verification even more critical for maintaining a high-quality user experience. Developers targeting modern Android versions must ensure that their server infrastructure is robust enough to handle the verification requests. Relying on legacy deep linking behavior is no longer a viable strategy for apps that require seamless web-to-app transitions.

A frequent mistake is hosting the assetlinks.json file on a server that requires a specific User-Agent or blocks automated requests. The Android system's verification agent may not identify itself like a standard browser, which can trigger security filters or firewalls. You should white-list the verification path to ensure it is globally accessible to all requests.

Performance is another factor to consider, as a slow server response can cause the verification process to time out. Since verification happens at install time, a slow response won't impact the user's immediate experience, but it will prevent the App Link from working until the next time the system attempts a check. Regularly monitor your server logs to ensure that the .well-known path is being served quickly and reliably.