development

Digital Asset Links

Google's domain verification system that uses an assetlinks.json file to prove ownership between a web domain and an Android app for App Links and Instant Apps.

instant apps deep linking domain verification

Digital Asset Links is Google’s equivalent of Apple’s AASA system. It uses an assetlinks.json file hosted at your domain to verify that your Android app is authorized to handle URLs from that domain.

File Location and Format

The file must be hosted at https://yourdomain.com/.well-known/assetlinks.json:

[{
  "relation": ["delegate_permission/common.handle_all_urls"],
  "target": {
    "namespace": "android_app",
    "package_name": "com.yourcompany.yourapp",
    "sha256_cert_fingerprints": ["YOUR_SIGNING_CERT_SHA256"]
  }
}]

Purpose

Digital Asset Links enable:

  • Android App Links - verified deep links that open your app directly from URLs
  • Instant Apps - loading app modules from URLs without installation
  • Digital Asset Links API - programmatic verification of app-to-domain associations

Verification Process

When a user taps a link, Android checks the assetlinks.json file on the link’s domain. If the file declares your app as authorized and the certificate fingerprint matches, Android opens the link in your app instead of the browser.

Key Differences from AASA

  • Uses SHA-256 certificate fingerprint for verification (AASA uses Team ID + bundle ID)
  • Served as a JSON array rather than a JSON object
  • Requires the android:autoVerify="true" attribute in the AndroidManifest
  • No CDN caching layer like Apple’s (changes take effect when the file is updated)