Requirements
What Is Deep Linking?
Deep linking is when a user selects a link and the mobile application opens instead of the browser.
Setup Steps
-
Enable HTTPS on existing link domains by adding certificates.
-
Provide JSON files to the link domains.
Provide the JSON configuration files to your link domains. These files establish the association between your domains and your apps. For more information, see the iOS Universal Links and Android App Links documentation.
-
Enable link domains in the app.
- for iOS, the
com.apple.developer-associated-domainsshould be added as anappLink. The app receives the URL as an activity. For more information, read the iOS documentation for Support of Universal Links - for Android, an intent should be added with the link domain. For more information, see the Android documentation for creating Intent Handlers
- for iOS, the
-
Verify that deep links work as expected.
Security Recommendations
| Possible Threat | Mitigation |
|---|---|
| Malicious URL injection | Restrict accepted hosts. Verify schema and host before tracking |
| Open redirects | Avoid acting on arbitrary query parameters without validating them |
Logging Recommendations
- Add a debug log that includes the host and the URL path.
- Ensure you mask sensitive query values in the log, for example by avoiding logging full tokens.
Testing Checklist
- iOS: Confirm that the
apple-app-site-associationfile is accessible over HTTPS. - Android: Verify that the intent filter launches the correct activity.
- Web: Validate that the
ems_dlparameter is present when tracking.