App Link not opening in Android 12 by default. Possible SHA256 issue

Question

I have set up my deeplink by uploading the assetlinks.json file here

https://example.com/.well-known/assetlinks.json

Its working well till Android 11. It also works in Android 12 if it's not downloaded from Playstore(ie installed from my android studio or from a apk file I made from android studio, works even when I sign the apk file with Keystore.)

When it is downloaded from playstore on Android 12, if you go to App settings->Open by default->Links to open in app. We can see that my domain is disabled by default. I think it has something to do with the sha256 I used in assetlinks.json

I got my assetlinks.json from App Link Assistant in Android studio.(I selected my keystore file also while generating the asssetlinks).

If I go to my play console->Setup->App integrity->App signing

I can see a different Sha256 in the Digital Asset Json section(which is also in App signing key certificate section)

I can see the Sha256 I uploaded in the Upload Key certificate section.

My question is which sha256 should I use in assetlinks.json?

I have seen here that I should use both. If I should, how can I add both the sha256 in my assetlink.json. Can I just add it as a comma separated values like this??

[{
  "relation": ["delegate_permission/common.handle_all_urls"],
  "target": {
    "namespace": "android_app",
    "package_name": "com.example",
    "sha256_cert_fingerprints":
    ["14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5", "NE:XT:SH:A2:56:VA:LU:ER..."]
  }
}]

I want the deep links to work both in debug as well as release builds.

Answer 1

Finally figured out the issue after spending hours figuring it out.

Basically, if you are using the google app signing key that Google uses to sign each of your releases, you need to add the SHA256 from the play console also to the assetlinks.json file for your domain to be verified automatically on the play store app.

This issue was never found out because the signing key used for the non-app store build (testing build) was different, which I got from the Android studio App link assistant

The final assetlinks.json looks something like this :

[
  {
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "com.example.android",
      "sha256_cert_fingerprints": [
        "SH:A2:56:FR:OM:PL:AY:CO:NS:OL:EX:......"
      ]
    }
  },
  {
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "com.example.android",
      "sha256_cert_fingerprints": [
        "SH:A2:56:FR:OM:AN:DR:OI:DS:TU:DI:OO......"
      ]
    }
  }]

In my case the playstore build was already published. When I released a new update with few other bugfixes, the new updates had the deeplink automatically verified.

Answer 2

This was my problem too.
Answer below saved my hours

Turns out that if you break

<data android:scheme="http" android:host="www.example.com"/>

into 2 tags

<data android:scheme="http" />
<data android:host="www.example.com" />

in AndroidManifest.xml, the app link will get verified successfully on Android 12. This change also seems backward compatible on older versions of Android, even though the documentation didn't say so explicitly.

Answer reference

Answer 3

In my case after doing the above (all SHA-256 keys in assetlinks, separate the scheme tag) the final culprit turned out to be the "path" tag.

Before (not working):

<data android:host="dl.example.com"
      android:path="/test" />
<data android:scheme="https" />

After (working):

<data android:host="dl.example.com"/>
<data android:scheme="https"/>

Hope it helps someone