[intosi]

I forgot I had it installed on my phone, but clicking the link opened, to my surprise, the Simply Piano app. Why you'd associate your app with that domain for legitimate purposes is a bit of a mystery to me.

[BillinghamJ]

Isn't that meant to be cryptographically paired? Apps shouldn't be able to intercept random domain names whenever they want

You'd need the right info at URLs like:

https://example.com/apple-app-site-association

https://example.com/.well-known/apple-app-site-association

https://example.com/.well-known/assetlinks.json (Android)

(which obviously don't exist for this domain)

[smashed]

Probably by copy pasting example code?

[pjerem]

That.

[jaffacakes]

This shouldn't be possible on Android. Google requires apps capturing http/s deeplinks verify ownership of the URI.[1] They can accept any other schema declared in their manifest otherwise. Example code would seem most plausible, but I can't see how it would work.

[1] https://developer.android.com/training/app-links/verify-site...

[kevingadd]

Twitter deeplinks open the third-party Twitter client I have installed (Fenix) on Android for me.

[lgats]

iOS or Android?