Deep Linking in 2025: Still a Nightmare or Finally Solved?

Deep links promised seamless journeys, instead we got midnight assetlinks.json audits and “why did this open in Chrome?” pings. It’s 2025 — has Android finally fixed it?Short answer: mostly yes… if you implement it the 2025 way. Let’s compare old vs ne…


This content originally appeared on Level Up Coding - Medium and was authored by Vaibhav Shakya | Mr Neo

Deep links promised seamless journeys, instead we got midnight assetlinks.json audits and “why did this open in Chrome?” pings. It’s 2025 — has Android finally fixed it?

Short answer: mostly yes… if you implement it the 2025 way. Let’s compare old vs new, then walk through a production-ready setup.

Then vs Now

Old world (pre-2022)

  • Custom URI schemes (myapp://…) → collision-prone, no trust.
  • Messy manifest filters, many false positives.
  • “Works on my device” testing.
  • Deferred deep linking = DIY hacks.

2025 reality

  • Android App Links with Digital Asset Links (DAL) are the default & policy-friendly. Browsers hand off to your app only if the domain is verified.
  • Verification, diagnostics, and dashboards in Play Console are much better.
  • Deferred deep linking is clean via Play Install Referrer.
  • Play Integrity can protect link flows against tampering (especially for fintech).

The 2025 Implementation (Step-by-Step)

1) Declare App Links in the Manifest (with verification)

<!-- AndroidManifest.xml -->
<activity
    android:name=".ui.DeepLinkEntryActivity"
    android:exported="true">
  <intent-filter android:autoVerify="true">
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT"/>
    <category android:name="android.intent.category.BROWSABLE"/>
  <!-- Primary production domain -->
    <data android:scheme="https"
          android:host="app.example.com" />
    <!-- Optional: additional paths -->
    <data android:scheme="https"
          android:host="app.example.com"
          android:pathPrefix="/pay"/>
    <data android:scheme="https"
          android:host="app.example.com"
          android:pathPrefix="/invite"/>
  </intent-filter>
  <!-- UAT/QA domains -->
  <intent-filter android:autoVerify="true">
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <data android:scheme="https" android:host="uat.example.com"/>
    <data android:scheme="https" android:host="qa.example.com"/>
  </intent-filter>
</activity>

2) Host .well-known/assetlinks.json with correct fingerprints

At each domain (and subdomain) you claim, host:

[
  {
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "com.example.app",
      "sha256_cert_fingerprints": [
        "AA:BB:CC:...:ZZ",   // App Signing cert (Play)
        "11:22:33:...:FF"   // Optional: legacy upload cert if needed
      ]
    }
  }
]

Tips:

  • Use your Play App-Signing certificate.
  • Compute fingerprints with keytool.

3) Verify & monitor

  • In Play Console, check deep link verification and errors.
  • In Android Studio → App Links Assistant, generate the file and test.
  • Device-side testing without browser cache:
adb shell am start -a android.intent.action.VIEW \
  -d "https://app.example.com/pay?invoice=123" com.example.app

4) Route links in code (single entrypoint, clean parsing)

// DeepLinkEntryActivity.kt
class DeepLinkEntryActivity : AppCompatActivity() {

  override fun onCreate(savedInstanceState: Bundle?) {
    super.onCreate(savedInstanceState)
    handleIntent(intent)
    finish()
  }
  override fun onNewIntent(intent: Intent) {
    super.onNewIntent(intent)
    handleIntent(intent)
  }
  private fun handleIntent(intent: Intent) {
    val uri = intent.data ?: return
    DeepLinkRouter.route(this, uri)
  }
}

// DeepLinkRouter.kt
object DeepLinkRouter {
  fun route(context: Context, uri: Uri) {
    val path = uri.path.orEmpty()
    when {
      path.startsWith("/pay") -> {
        val invoiceId = uri.getQueryParameter("invoice")
        context.startActivity(
          Intent(context, PaymentActivity::class.java).apply {
            putExtra("invoice_id", invoiceId)
          }
        )
      }
      path.startsWith("/invite") -> {
        val token = uri.getQueryParameter("t")
        context.startActivity(
          Intent(context, InviteAcceptActivity::class.java)
            .putExtra("token", token)
        )
      }
      else -> {
        context.startActivity(
          Intent(context, MainActivity::class.java)
            .putExtra("deep_link_uri", uri.toString())
        )
      }
    }
  }
}

5) Add Deferred Deep Linking (post-install routing)

Gradle

dependencies {
  implementation "com.android.installreferrer:installreferrer:2.2"
}

Usage

class ReferrerReader @Inject constructor(
  private val appScope: CoroutineScope
) {
  fun checkReferrer(onDeepLink: (Uri) -> Unit) {
    appScope.launch(Dispatchers.IO) {
      val client = InstallReferrerClient.newBuilder(appContext).build()
      try {
        client.startConnection(object : InstallReferrerStateListener {
          override fun onInstallReferrerSetupFinished(code: Int) {
            if (code == InstallReferrerClient.InstallReferrerResponse.OK) {
              val details = client.installReferrer
              val rawRef = details.installReferrer
              val params = Uri.parse("scheme://dummy?$rawRef")
              params.getQueryParameter("deep_link")?.let {
                onDeepLink(Uri.parse(it))
              }
            }
            client.endConnection()
          }
          override fun onInstallReferrerServiceDisconnected() {}
        })
      } catch (_: Exception) { }
    }
  }
}

6) Secure high-risk flows (fintech, OAuth, payments)

  • Use Play Integrity API to attest app + device state before honoring sensitive deep links.
  • Always prefer App Links over custom URI schemes.

Common Pitfalls & Quick Fixes (2025)

  1. “Verified but still opens browser” → Wrong fingerprint or Play not updated yet.
  2. Multiple environments → Host separate assetlinks.json on each domain.
  3. Testing chaos → Use adb instead of browser clicks.
  4. Deferred deep link lost → Always URL-encode the deep link param and persist it.

Minimal “Ready-for-Prod” Checklist

  • Manifest autoVerify=true + scoped path filters
  • DAL hosted on every domain with correct cert fingerprints
  • Central DeepLinkRouter with unit tests
  • Deferred deep link via Install Referrer
  • Play Console shows green verification
  • Integrity API added for sensitive journeys

Verdict

So — nightmare or solved?
Mostly solved — if you treat deep links like a first-class feature.

Do App Links + DAL, automate your environment files, route centrally, and wire in deferred deep linking. Add Integrity for sensitive journeys. Do that, and those 11 PM “why Chrome?” pings become rare.

Until then, may your assetlinks.json always match and your QA never find a “link opens in browser” bug right before release.

Written as a Developer who has debugged enough deep link failures to write a horror novel. If you’ve survived one too, welcome to the club.

Deep Linking in 2025: Still a Nightmare or Finally Solved? was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.


This content originally appeared on Level Up Coding - Medium and was authored by Vaibhav Shakya | Mr Neo


Print Share Comment Cite Upload Translate Updates
APA

Vaibhav Shakya | Mr Neo | Sciencx (2025-09-03T14:27:56+00:00) Deep Linking in 2025: Still a Nightmare or Finally Solved?. Retrieved from https://www.scien.cx/2025/09/03/deep-linking-in-2025-still-a-nightmare-or-finally-solved/

MLA
" » Deep Linking in 2025: Still a Nightmare or Finally Solved?." Vaibhav Shakya | Mr Neo | Sciencx - Wednesday September 3, 2025, https://www.scien.cx/2025/09/03/deep-linking-in-2025-still-a-nightmare-or-finally-solved/
HARVARD
Vaibhav Shakya | Mr Neo | Sciencx Wednesday September 3, 2025 » Deep Linking in 2025: Still a Nightmare or Finally Solved?., viewed ,<https://www.scien.cx/2025/09/03/deep-linking-in-2025-still-a-nightmare-or-finally-solved/>
VANCOUVER
Vaibhav Shakya | Mr Neo | Sciencx - » Deep Linking in 2025: Still a Nightmare or Finally Solved?. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2025/09/03/deep-linking-in-2025-still-a-nightmare-or-finally-solved/
CHICAGO
" » Deep Linking in 2025: Still a Nightmare or Finally Solved?." Vaibhav Shakya | Mr Neo | Sciencx - Accessed . https://www.scien.cx/2025/09/03/deep-linking-in-2025-still-a-nightmare-or-finally-solved/
IEEE
" » Deep Linking in 2025: Still a Nightmare or Finally Solved?." Vaibhav Shakya | Mr Neo | Sciencx [Online]. Available: https://www.scien.cx/2025/09/03/deep-linking-in-2025-still-a-nightmare-or-finally-solved/. [Accessed: ]
rf:citation
» Deep Linking in 2025: Still a Nightmare or Finally Solved? | Vaibhav Shakya | Mr Neo | Sciencx | https://www.scien.cx/2025/09/03/deep-linking-in-2025-still-a-nightmare-or-finally-solved/ |

Please log in to upload a file.



There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.

Related Posts