How to test iOS Universal Links & Android App Links: Full Guide
Deep linking is crucial for companies to route users directly to specific app content, boosting engagement and conversions. Median’s Deep Linking Validator is a free tool for testing and validating iOS and Android deep link configurations, ensuring HTTPS access, correct JSON formatting, and accurate app identifiers. Follow a simple 5-step process to validate your setup, fix issues, and guarantee seamless deep linking for your mobile apps.
A deep linking validator is a specialized tool that tests and verifies the configuration of deep links for iOS and Android apps.
In a nutshell: a deep linking validator ensures that essential files such asapple-app-site-association (AASA) for iOS andassetlinks.json for Android are correctly set up, accessible via HTTPS, properly formatted in JSON, and contain accurate app identifiers.
For companies, using a deep linking validator is important because it prevents common issues that cause deep links to fail, such as HTTPS errors, redirects, JSON syntax problems, and mismatched app identifiers.
Enter your URL to build a mobile app
Proper validation guarantees that when users click incoming links, they are seamlessly routed to the intended specific screen within the app rather than a fallback webpage or error page.
This validation process supports multiple apps, enhances security by verifying domain ownership, and improves user experience by enabling smooth transitions between web content and app screens.
It also helps enterprise teams maintain more consistent onboarding and navigation flows across mobile experiences.
Median’s Deep Linking Validator is an easy to use deeplink tester that inspects both iOS and Android configurations simultaneously, providing detailed error reports and actionable fixes.
It ensures your app consistently opens the correct screen on the user’s device whenever a deep link is activated, maximizing the benefits of deep linking technology.
What is deep linking for iOS and Android apps
Deep linking allows users to be directed to specific content within a mobile app, enhancing user experience by reducing the number of steps needed to reach desired content.
For Fortune 500 companies, this means seamless transitions between web URLs and app content, supporting everything from marketing campaigns to internal tool workflows.
Apple App Site Association (AASA) files for iOS
Universal links on iOS require an apple-app-site-association file hosted at /.well-known/apple-app-site-association on your domain.
This file must be served over HTTPS with a valid certificate, return HTTP 200 with no redirects, and use JSON content-type.
The AASA file contains your app’s Team ID and Bundle ID, along with path components defining which URLs the associated app should handle.
Apple caches AASA files through its CDN infrastructure, which means configuration changes may take time to propagate across devices.
Pro tip: Use the Console app on macOS to monitor device logs during iOS deep link testing for real-time error messages and validation feedback.
App links and Asset links for Android
App links on Android use an assetlinks.json file hosted at /.well-known/assetlinks.json.
This file maps your domain to your app’s package name and SHA-256 signing certificate fingerprints. When a user taps a web link, the device verifies this file to determine if the app should open directly.
There are three main types of deep links supported on Android: traditional deep links using URI schemes, app links verified through Asset Links, and deferred deep links for users without the app installed.
Dynamic App Links, introduced in Android 15 (and still current in Android 16), allow developers to update deep linking rules via the assetlinks.json file without requiring a new app release, with changes applied dynamically on supported devices.
Pro tip: Use the Android Debug Bridge (adb) command to monitor device logs during Android deep link testing for real-time error messages and validation feedback.
Why does deep link validation matter
Mobile apps, be it a native apps or hybrid apps, operate under different requirements than consumer apps. Production reliability, security compliance, and user experience directly impact business operations and revenue.
Production app reliability
Enterprise apps often operate under strict reliability and uptime expectations. When deep links fail, users land in a browser instead of the app, losing context and creating friction.
Some advertisers have reported conversion uplifts as high as 2.8x when combining deep linking with optimized app engagement campaigns.
Validation before deployment prevents broken links from reaching production.
Deep linking enhances user experience by allowing users to bypass generic homepages and navigate directly to specific content within an app, which can lead to higher engagement and conversion rates.
Security and compliance requirements
By properly securing your configurations, you ensure your app only responds to your specific domain. It’s a simple step that protects your users from link hijacking.
HTTPS verification and proper app identifiers prevent link hijacking, where malicious apps could intercept URLs intended for your app. Enterprise security policies require verified domain ownership through properly configured AASA and Asset Links files.
Do not pass sensitive data through deep links. Instead, trigger secure actions within the app to handle sensitive information safely. This approach maintains compliance while still enabling deep link functionality for referral programs and personalized campaigns.
User experience and business impact
Deep linking enables seamless transitions between web and app, allowing users to move from browsing a website to engaging with an app without losing context.
It helps re-engage dormant users through targeted, personalized campaigns.
Deep linking can support attribution tracking and campaign measurement across app experiences.
Contextual deep links include additional parameters, such as referral codes or promo IDs, to immediately personalize the user experience upon app launch.
How to test deep links before building your app
You can test your deep links for both iOS and Android with Median’s Deep Linking Validator. It is a free deep linking validator that provides app teams with comprehensive testing for AASA and asset.json files.
It validates your server-side setup and identifies configuration issues before they affect production users.
Why test your deep links with Median’s Deep Linking Validator
The validator performs simultaneous validation of iOS AASA files and Android Asset Links, checking:
HTTPS access and SSL certificate validity
Redirect behavior (redirects are not supported for configuration files)
MIME type and content-type headers
JSON syntax and structure validity
App identifier verification (Team ID, Bundle ID, package name, SHA-256 fingerprints)
Path component and matching rule validation
Step-by-step: How to use Median’s Deep Linking Validator
Test your deep links across major devices and supported OS versions before launch. Here’s the complete process for app teams teams:
Step 1: Enter your domain in the textbox field on the validator page.
Step 2: Click the “Validate now” button. The tool will fetch and inspect your configuration files immediately for both iOS and Android.
Step 3: Wait for the analysis to complete. The tool checks HTTPS access, redirects, MIME type, and JSON validity.
Step 4: Review your results below. You’ll see two sections:
iOS validation (AASA file): Shows whether your apple-app-site-association configuration passes or fails
Android validation (Asset Links): Shows whether your assetlinks.json configuration passes or fails
Each section displays specific checks and their status.
Step 5: Fix issues and re-validate. Update your configuration (file path, HTTPS, JSON, app identifiers), then re-run the test to confirm everything passes.
Understanding validation results
Pass indicators confirm your configuration meets platform requirements. Fail indicators identify specific problems:
HTTPS errors: Certificate issues or HTTP-only access
Redirect detected: Configuration files cannot use 301/302 redirects
JSON invalid: Syntax errors or malformed structure
Identifier mismatch: App IDs or fingerprints don’t match expected values
File not found: Configuration file missing or inaccessible at expected path
Pro tip: Prioritize high-impact errors first. HTTPS and JSON validity issues prevent any deep links from working, while path matching issues may only affect specific URLs.
Common deep link configuration issues and solutions
For deep links to work effectively, they must be tested using tools like the Android Debug Bridge (adb) to ensure that the intent filter URIs resolve correctly to the intended app activity.
However, server-side validation catches most issues before they require device testing.
HTTPS and SSL certificate problems
Solution: Ensure proper SSL certificate installation and HTTPS-only access to configuration files. Configuration files must return HTTP 200 with no redirects.
Enterprise considerations include certificate authority requirements, internal CAs, and certificate renewal processes that may temporarily break deep links.
JSON syntax and format errors
Solution: Validate JSON syntax and ensure proper formatting. iOS AASA files have a 128 KB size limit. Both platforms require specific field structures.
To create deep links in Android, you need to add intent filters in your app’s manifest file that specify the action, data, and category for the links your app will handle. These must match the declarations in your Asset Links file.
App identifier mismatches
Solution: Verify app bundle identifiers match exactly between configuration files and published apps.
For Android, if usingPlay App Signing, obtain the correct SHA-256 fingerprint from Play Console rather than your local signing certificate.
File path and server configuration issues
Solution: Ensure configuration files are accessible at /.well-known/ paths with proper MIME types (application/json). Enterprise CDNs, firewalls, or authentication systems may block or alter these paths.
Avoid linking to content behind login walls unless the user is already authenticated, as this can create friction and frustration for users.
Keep fallback experiences helpful and not generic, ensuring that users still receive value even if the deep link does not open the app.
Conclusion
Deep link validation is essential for ensuring your mobile app’s deep linking setup works reliably across iOS and Android.
Properly configured deep links, Universal Links, and Android App Links help users open the correct in-app content without friction, improving user experience, app engagement, and conversion rates.
Contextual deep linking also helps marketers track campaign attribution and measure which channels, ads, and campaigns drive the highest engagement and installs.
Frequently asked questions
What is the advantage of using Median’s Deep Linking Validator over other tools?
Median’s Deep Linking Validator offers a seamless experience by validating both iOS and Android deep link configurations simultaneously. It checks HTTPS access, redirects, JSON validity, and app identifiers in one place, saving app teams time and reducing errors compared to using multiple tools or manual adb shell commands.
How does deep linking improve app opens and user engagement for mobile apps?
Deep linking directs users from other sites, notifications, or other links straight to relevant content inside your app, reducing friction and increasing conversion rates. Companies benefit from the ability to deliver targeted, contextual content that enhances user retention and drives measurable business outcomes.
Related articles
