App Links setup is one of the most impactful technical decisions you can make when building or maintaining an Android application. Done correctly, it allows users to open URLs directly inside your app – without the friction of a browser redirect or a disambiguation dialog. Done poorly, it silently fails and costs you conversions you never even knew you were losing.
This guide walks through the complete App Links setup process for Android, from the underlying mechanics to the exact configuration steps, common pitfalls, and real-world recommendations for SMB decision-makers who need reliable, production-ready deep linking.
What Are App Links and Why Does App Links Setup Matter?
Android App Links are a verified form of deep linking introduced in Android 6.0 (Marshmallow, API level 23). Unlike standard deep links that use custom URI schemes (e.g., `myapp://`), App Links use standard HTTPS URLs and require domain ownership verification by Google. When verified, Android opens the link directly in your app – no browser, no user prompt.
This matters for your business because:
- Conversion rates increase when users land directly in-app instead of a mobile browser
- User experience improves – fewer steps between intent and action
- Marketing campaigns perform better – email, SMS, and social links all benefit from seamless handoffs
- App Links are the Android counterpart to iOS Universal Links, providing cross-platform consistency for teams managing both ecosystems
According to Google's official Android documentation, verified App Links eliminate the disambiguation dialog entirely, giving your app a clear competitive UX advantage over unverified competitors.
How App Links Verification Works
Before diving into the App Links setup steps, it is important to understand the verification mechanism. Android uses a system called Digital Asset Links to confirm that a domain authorizes a specific app to handle its URLs.
The Verification Flow
1. The developer declares intent filters in `AndroidManifest.xml` with `autoVerify="true"`
2. Android downloads the `assetlinks.json` file from the declared domain
3. The file is validated against the app's package name and SHA-256 certificate fingerprint
4. If validation succeeds, the app is registered as a verified handler for that domain
5. All matching HTTPS URLs open directly in the app
This verification happens at install time and is repeated periodically. If your `assetlinks.json` file is missing, misconfigured, or unreachable at install time, verification silently fails – and users see the disambiguation dialog or land in the browser instead.
Step-by-Step App Links Setup for Android
Step 1: Configure Intent Filters in AndroidManifest.xml
Open your app's `AndroidManifest.xml` and add the correct intent filter to the activity that should handle the link. The critical attributes are:
- `android:autoVerify="true"` – triggers the verification process
- `android:scheme="https"` – App Links only work with HTTPS
- `android:host` – your verified domain
xml
<activity android:name=".MainActivity">
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="https"
android:host="www.yourcompany.com" />
</intent-filter>
</activity>
Important: Include both `www.yourcompany.com` and `yourcompany.com` as separate `<data>` entries if users may access either. A mismatch here is the single most common cause of failed verification.
Step 2: Create and Host the assetlinks.json File
The `assetlinks.json` file must be hosted at:
https://www.yourcompany.com/.well-known/assetlinks.json
The file content follows this structure:
json
[{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.yourcompany.app",
"sha256_cert_fingerprints": [
"AA:BB:CC:DD:EE:FF:..."
]
}
}]
Key requirements for this file:
- Must be served over HTTPS (no HTTP fallback)
- Must return `Content-Type: application/json`
- Must NOT be behind a login or redirect
- Must be accessible without cookies or authentication headers
- Response time should be under 1 second – slow responses can cause verification timeouts
Step 3: Retrieve Your SHA-256 Certificate Fingerprint
Your fingerprint depends on how you sign your app:
- Debug builds: Use `keytool -list -v -keystore ~/.android/debug.keystore`
- Release builds: Use your production keystore or retrieve the fingerprint from the Google Play Console under Setup → App Integrity → App signing certificate
Pro tip for teams using Google Play App Signing: You need the SHA-256 from the Play Console, not from your local keystore. Using the wrong fingerprint is the second most common cause of failed verification.
Step 4: Validate Your Configuration
Use the Google Digital Asset Links API to confirm your file is readable and correctly structured before submitting to the store.
You can also test locally using ADB:
bash
adb shell am start -a android.intent.action.VIEW \
-c android.intent.category.BROWSABLE \
-d "https://www.yourcompany.com/product/123"
If the link opens your app directly without a chooser dialog, your App Links setup is working correctly.
Common App Links Setup Mistakes and How to Fix Them
Even experienced Android developers encounter problems during App Links setup. Here are the most frequently encountered issues:
- Wrong SHA-256 fingerprint – Always use the Play-signed certificate fingerprint for production builds, not the debug keystore
- Missing `autoVerify="true"` – Without this attribute, Android will not attempt verification at all
- Redirect on the well-known path – Many CDN or server configurations redirect `.well-known/` paths; this breaks verification because Android does not follow redirects
- HTTP instead of HTTPS – App Links only work with HTTPS; any HTTP scheme declaration is ignored for verification
- Missing `android.intent.category.DEFAULT` – Both `DEFAULT` and `BROWSABLE` are required; omitting either prevents the intent filter from matching correctly
- Stale assetlinks.json after re-signing – If you rotate your signing key or migrate to Play App Signing, you must update the SHA-256 fingerprint in the file immediately
- Multiple subdomains not covered – Each subdomain (e.g., `app.yourcompany.com`, `shop.yourcompany.com`) needs its own `assetlinks.json` entry or must be included in a shared file
App Links Setup for Multi-Environment Deployments
SMBs operating with staging, QA, and production environments face a specific challenge: each environment typically has its own domain and signing certificate. This means you need separate `assetlinks.json` configurations for each.
Recommended Multi-Environment Approach
1. Use productFlavors in your `build.gradle` to define environment-specific package names (e.g., `com.yourcompany.app.staging`)
2. Host separate `assetlinks.json` files on each domain
3. Register separate intent filters per flavor, pointing to the correct environment domain
4. Test verification independently for each environment before promoting a build
This prevents production verification from breaking when staging certificates are updated – a surprisingly common incident in continuous delivery pipelines.
App Links Setup and iOS Universal Links: Managing Both Platforms
If your team ships both Android and iOS apps, you are managing two parallel verification systems:
| Feature | Android App Links | iOS Universal Links |
|---|---|---|
| Verification file | `assetlinks.json` | `apple-app-site-association` |
| File location | `/.well-known/assetlinks.json` | `/.well-known/apple-app-site-association` |
| Scheme required | HTTPS only | HTTPS only |
| Verification trigger | App install | App install |
| Dialog-free opening | Yes (verified) | Yes (verified) |
Both files live under the same `/.well-known/` directory, so a single well-configured web server can serve both. Coordinate your server team early in the App Links setup process to avoid last-minute deployment conflicts.
Measuring the Impact of App Links Setup
Implementing App Links without measuring their performance is a missed opportunity. Connect your App Links to analytics to track:
- Attribution rate – what percentage of HTTPS URLs are opening in-app vs. browser
- Conversion rate per entry point – do users who enter via App Links convert better than those entering via the browser?
- Verification failure rate – monitor Firebase Crashlytics or your analytics platform for unexpected browser fallbacks
Typically, teams that correctly implement and verify App Links see 15–30% improvements in conversion rates on campaign landing pages compared to unverified deep link setups. The exact figure depends on your audience's device mix and the nature of the user action.
When to Get Professional Help With App Links Setup
App Links setup is straightforward in concept but has many failure modes that are difficult to diagnose without proper tooling and experience. Consider bringing in external expertise when:
- Your verification keeps failing despite following documentation steps
- Your app supports more than three entry-point domains
- You are migrating from a legacy custom URI scheme implementation
- Your team lacks Android platform specialists
- You need to ship a reliable deep linking solution within a fixed deadline
A structured technical review of your `AndroidManifest.xml`, `assetlinks.json` configuration, and server setup can identify and resolve issues in hours rather than weeks of trial-and-error debugging.
For more technical insights on mobile development and related topics, visit the Pilecode blog.
App Links Setup Checklist for Production Readiness
Use this checklist before going live:
- [ ] `autoVerify="true"` declared in all relevant intent filters
- [ ] Both `www` and non-`www` variants covered
- [ ] `assetlinks.json` hosted at `/.well-known/assetlinks.json` on all declared domains
- [ ] Correct SHA-256 fingerprint from Play Console (not local keystore) for production
- [ ] No redirects on the `/.well-known/` path
- [ ] `Content-Type: application/json` header confirmed
- [ ] Verified using Google Digital Asset Links API
- [ ] ADB test passes without disambiguation dialog
- [ ] Analytics event firing on App Link opens
- [ ] Fallback behavior (graceful web page) configured for non-Android users
Summary: Building a Reliable App Links Setup
A correctly configured App Links setup is not just a technical checkbox – it is a direct driver of user experience quality and campaign ROI. By verifying domain ownership through `assetlinks.json`, declaring precise intent filters, and testing rigorously across environments, you give your users a seamless path from any digital touchpoint into your Android app.
The investment is modest. The return – in reduced friction, higher conversions, and more reliable marketing attribution – is substantial. Start with a clean manifest configuration, host your verification file correctly, and test before every production release.
If your team needs support implementing or auditing your Android App Links setup, the experts at Pilecode are ready to help.
Schedule a free initial consultation →
Have questions about this topic? Get in Touch.