[maephet]

Alex with Branch here. Let me try to explain how it works. Basically, we use different technologies in different scenarios with the goal to deliver the user to the app as fast as possible.

First off, the most basic case is where we know the user has the app installed. In this case, we use the standard URI scheme based deep link which opens the app up right away and passes the link data. We also handle the case where they had uninstalled the app, by taking them to the app store.

If we have never seen a user before across our entire network of apps based on our first party cookie, we use a mechanism called fingerprinting. It's commonly used for mobile app install attribution to tell a marketer how many installs were generated from a particular advertisement shown in another app or on a mobile site. Basically, we collect as much information as we can in the browser (time, OS, screen size, IP, etc) before redirecting them to the app store. When the user opens up the app, we generate that same set of information inside the app and send it back to our service to match up with a pending browser fingerprint. In the case of a match, we know that new user came from a particular link and pass in all the data associated with the link. This can happen across install and open. If we have seen the user before, we just match up our cookie to the unique device ID once the user shows up.

The service also comes bundled with a free text-me-the app service which helps pass the link data from a desktop click to the phone and eventually the app.

It's everything that we've always wanted as a linking service for our own apps, plus all the accompanying analytics to measure the performance of your various features. Try it out as it's free. We'd also love recommendations or feedback on how we display the data on our dashboard.

Best, Alex

[mey]

https://panopticlick.eff.org/

[rpicard]

What happens when someone's fingerprint matches up with another? Do they get access to data that they shouldn't have access to?

[maephet]

Unfortunately, there is a very low probability of the mismatch until we have effectively seen every device. As our linking service expands, that percentage gets lower and lower. In our experience, the user experience and analytics insight benefit far outweighs the consequence of a mismatch because they are so rare. We encourage our developers not to bundle sensitive data into the links if they use this base case.

If a developer does want 100% match, we have a separate option that can be used with a slightly degraded user experience which pops the browser open really quickly to check the cookie, then returning to the app with the URI scheme.

[jeremyflores]

FWIW, Apple has frowned upon the browser cookie check approach and they might reject a submission using it: http://techcrunch.com/2013/02/25/apple-rejecting-apps-using-...

Do you guys have any estimates as to what the rate of error might be for the fingerprint approach?

Excited to see where you guys are going with this product!

[maephet]

Ah interesting. We wouldn't be using it in every scenario, basically only scenarios where we believe there to be a match and want 100% confirmation.

Thanks for sharing!

[rpicard]

Wouldn't the chance get higher and higher as the service expands? It seems as though there would be more existing fingerprints that might collide.

[dmitrig01]

Dmitri from Branch here. When a user has already had a fingerprint matched once, we can do future matches with much higher certainty, so as more and more users click links and are matched, the chance decreases.

Additionally, as Alex said, though most uses of the links don't require a 100% match rate ("any growth is good"), we do have an option for links which require a 100% match.

[hiroprot]

Alex, thanks for the detailed answer. Looks like you're building some really interesting stuff.