Universal Links (iOS) and App Links (Android) let a single HTTPS URL open your app when installed—or fall back to the web when it isn’t. This guide explains what they are, how they work, how to set them up, and how to test them reliably across browsers, devices, and webviews.

What Are Universal Links (iOS)?

Universal Links map verified HTTPS paths to in-app destinations. When your iOS app is installed, tapping a verified link opens the app; otherwise, the URL loads in Safari.

Verification: iOS checks an apple-app-site-association (AASA) file on your domain.
HTTPS, no custom scheme: Share normal, readable URLs.
Better UX: Bypasses “Open in…” prompts and reduces redirect hops.

Deep dive: Universal Links (iOS)

What Are App Links (Android)?

App Links provide the same verified-domain behavior on Android. Verified links route into the app; otherwise, they open in the browser.

Verification: Android checks /.well-known/assetlinks.json on your domain.
Chooser bypass: Verified domains skip the intent chooser for smoother opens.
Consistency: Works across Chrome and modern Android webviews.

More details: App Links (Android)

How Universal/App Links Work

Verified domain: Host an association file declaring your app ID(s) and allowed paths.
OS trust: iOS/Android fetch and cache the file to confirm domain↔app ownership.
User tap: If the app is installed and the path matches, the OS opens the app directly.
Fallback: If not installed or verification fails, the URL opens on the web.

Setup Checklist

iOS (Universal Links)

Add your domains under Associated Domains in Xcode (e.g., applinks:example.com).
Host /.well-known/apple-app-site-association over HTTPS, with JSON content type and no redirects.
Include your appID (TEAMID.bundleid) and allowed paths.
After entitlement/domain changes, delete and reinstall the app to refresh the trust cache.

Android (App Links)

Declare HTTPS intent filters and enable auto-verification.
Host /.well-known/assetlinks.json with your package_name and sha256_cert_fingerprints.
Ensure reachability with correct headers and no redirect chains.

Benefits

Seamless UX: Opens the right in-app screen when possible; web fallback otherwise.
Higher engagement: Less friction increases open, activation, and purchase rates.
Security & trust: Domain verification reduces spoofing risks.
Shareable URLs: Human-readable HTTPS links work across email, SMS, social, QR, and web banners.

Challenges & Considerations

Association files: Wrong headers, redirects, or malformed JSON break verification.
Path mismatches: Tapped URLs must match the allow-list in AASA/assetlinks.json.
Webviews & private modes: Behavior can differ vs Safari/Chrome—plan desktop and private-mode fallbacks.
Caching: iOS caches association data; bump version and reinstall to force refresh after changes.

Testing & QA

Matrix: installed vs not installed; iOS/Android; Safari/Chrome; email/social webviews; cold/warm start.
Validate AASA/assetlinks reachability, headers, and JSON structure.
Check that link paths match your allow-list and that redirects (if any) keep HTTPS and preserve parameters.
Verify fallbacks on desktop and in private/incognito modes.

Exploring Universal Links and App Links: Seamless Navigation Across Platforms