Deep linking started with a simple idea: tap a link, land inside an app. In the early days, custom URL schemes like myapp://product/123 were the only option, and they were fragile. There was no verification, no fallback, and no way to know whether the app was even installed. When Apple introduced Universal Links in iOS 9 and Google followed with App Links on Android 6.0, deep linking matured into something reliable: verified, HTTPS-based connections between web URLs and app content.
But that was 2015. A decade later, the landscape looks dramatically different. Privacy regulations have reshaped how attribution works. AI assistants are becoming a primary way people discover content. Wearables and new form factors are multiplying the surfaces where links need to work. The line between web and app is thinner than ever.
So what comes next for the future of deep linking? This article maps out the trends, technologies, and architectural shifts that will define mobile deep linking over the next several years, and what developers should be doing right now to prepare.
The Privacy-First Era
The single biggest force reshaping deep linking is privacy. Apple's App Tracking Transparency (ATT) framework, introduced in iOS 14.5, gave users the ability to opt out of cross-app tracking. The result was swift: roughly 75% of users chose not to be tracked, effectively killing the IDFA as a reliable attribution signal for most apps.
Google's Privacy Sandbox for Android is following a similar trajectory, albeit more gradually. The Topics API replaces granular user-level tracking with coarse interest categories. The Attribution Reporting API limits what data advertisers can receive about conversions. Third-party cookies are disappearing from the web entirely.
What does this mean for deep linking?
First, fingerprinting (matching device attributes, IP addresses, and user agents to stitch together a journey from ad click to app install) is dying. Apple's Private Relay masks IP addresses for Safari users. Google's Privacy Sandbox documentation explicitly discourages fingerprinting.
Second, deferred deep linking needs to evolve. Traditional deferred deep linking relied on fingerprinting to match a pre-install click to a post-install open. Privacy-preserving alternatives are emerging: Apple's SKAdNetwork (now on version 5) provides limited but privacy-safe attribution data, and Google's Attribution Reporting API offers a similar mechanism.
Third, first-party data becomes essential. Deep links that carry contextual parameters (campaign IDs, referral codes, content identifiers) directly in the URL are more valuable than ever. When a user clicks a link with ?ref=spring-campaign&content=product-42, that context travels with them through install and app open without requiring cross-app tracking.
The future of deep linking is not about tracking users. It is about carrying context through user journeys while respecting privacy.
App Clips and Instant Apps
One of the most compelling developments in mobile linking is the rise of lightweight, instant app experiences. Apple's App Clips and Google's Instant Apps both allow users to access a small portion of an app without installing the full application.
App Clips can be triggered by NFC tags, QR codes, Safari Smart App Banners, links in Messages, and location-based suggestions. They are limited to 15 MB (as of iOS 17) and are designed for quick, transactional tasks: ordering food, renting a scooter, paying for parking. Each App Clip is associated with an App Clip experience URL, which is essentially a deep link that points to a specific experience.
Google's Instant Apps work similarly. A user can tap a link and immediately interact with a native Android experience without going through the Play Store install flow. The Try Now button on Google Play listings is one entry point, but instant experiences can also be triggered by standard web URLs.
These technologies change the calculus of deep linking in a fundamental way. The traditional deep linking question was: "Is the app installed? If yes, open it. If no, send the user to the app store." App Clips and Instant Apps add a third option: "If the app is not installed, give the user a lightweight native experience right now, and let them install the full app later if they want."
This is particularly powerful for commerce and on-demand services. A restaurant can put an NFC tag on every table that launches an ordering App Clip. A retailer can embed QR codes in print ads that open an instant shopping experience. The deep link is no longer just a routing mechanism; it is the entry point to an entire (if small) application experience.
As Apple and Google continue investing in these frameworks, expect the distinction between "installed app" and "not installed" to matter less and less. Deep linking infrastructure will need to support routing to App Clips and Instant Apps as first-class destinations.
AI Assistants and Deep Links
AI assistants are becoming a major interface through which people interact with apps and services. Siri, Google Assistant, and newer entrants like ChatGPT's plugins and actions are all capable of triggering deep links, sometimes without the user ever seeing a traditional link.
Apple's App Intents framework (introduced in iOS 16 and expanded significantly in iOS 17 and 18) allows apps to expose actions and content to Siri, Spotlight, and the Shortcuts app. When a user says "Order my usual from CoffeeApp," Siri can resolve that intent to a specific deep link within the app. The app does not need to be open. The user does not need to see a URL. But under the hood, the system is still routing to specific content within an app, which is fundamentally what deep linking does.
Google's equivalent is Android App Actions, which allows apps to register built-in intents (like ordering food, starting a workout, or checking an account balance) that Google Assistant can invoke directly.
Then there is the broader AI agent landscape. OpenAI's ChatGPT plugins and the emerging MCP (Model Context Protocol) standard are creating frameworks for AI models to interact with external services. When a user asks an assistant to "find me a hotel in Portland for next weekend," the AI might query a hotel API and generate a deep link that opens the booking flow directly.
The implication: the "link" may become invisible. Users will not tap blue underlined text. AI assistants will construct and invoke deep links programmatically based on natural language requests.
For developers, this means deep link schemas need to be well-structured, well-documented, and machine-readable. If your app's content is not addressable via clean, predictable URLs, AI assistants will not be able to surface it. We explore this topic in depth in our article on deep linking and AI assistants. Investing in a clear deep linking architecture today is an investment in AI discoverability tomorrow.
Wearables and New Surfaces
The smartphone is no longer the only screen. Apple Watch, Android Wear OS devices, smart glasses (like Meta's Ray-Ban smart glasses with their growing feature set), car infotainment systems running CarPlay and Android Auto, and smart home displays are all surfaces where deep links need to function.
Consider the Apple Watch. WatchOS supports Universal Links, but a deep link that opens a product detail page on iPhone might need to open a simplified view on Watch, or hand off to the paired iPhone entirely. Apple's Handoff framework enables this, but it requires explicit developer support.
Car displays present another challenge. Both CarPlay and Android Auto restrict the types of apps and interactions available while driving. A deep link to a navigation destination works naturally here. A deep link to a shopping cart does not. Deep linking infrastructure needs to become surface-aware: not just "which app" and "which content" but "which device" and "what interaction is appropriate."
Apple's Vision Pro runs visionOS, which supports Universal Links natively. As spatial computing matures, deep links may need to resolve to 3D experiences or AR overlays. Meta's smart glasses can already interact with Meta AI, suggesting that wearable-triggered deep links will only grow more common.
The common thread: deep linking can no longer assume a phone-sized touchscreen. The infrastructure must adapt link behavior based on the device and context receiving the link.
The Web and App Convergence
The boundary between web and native app has been eroding for years, and several technologies are accelerating this convergence.
Progressive Web Apps (PWAs) can now do many things that once required a native app: push notifications (supported in Safari since iOS 16.4), offline access, home screen installation, and access to device APIs like the camera and geolocation. The W3C Web App Manifest spec defines how web apps declare themselves, including their URL scope and display preferences.
Project Fugu, the cross-company effort (led primarily by Google, Microsoft, and Intel) to bring native capabilities to the web, has delivered APIs for file system access, Bluetooth, NFC, and more. Each new capability narrows the gap between what a web page and a native app can do.
One API from this effort deserves special attention for deep linking: the getInstalledRelatedApps API. This API allows a website to detect whether its related native app is installed on the user's device, without any fingerprinting or tracking. It works by checking the related_applications field in the web app manifest against actually installed applications. This is exactly the kind of signal that deep linking infrastructure needs: a privacy-preserving way to decide whether to route to an app or keep the user on the web.
As the web gains more capabilities, the deep linking decision tree becomes more nuanced. It is no longer just "app or app store." It could be "native app, PWA, App Clip, Instant App, or full web experience," depending on what the user has installed, what device they are on, and what the content demands. Deep linking platforms that can navigate this decision intelligently will be essential.
Cross-Device Deep Linking
Users do not live on a single device. They start reading an article on their phone during a commute, continue on a laptop at work, and finish on a tablet at home. Cross-device deep linking, the ability to transfer a user's context from one device to another, is becoming a baseline expectation.
Apple's Handoff and Universal Clipboard features allow continuity across iPhone, iPad, Mac, and Apple Watch for apps that adopt the NSUserActivity framework. Google offers similar capabilities through Cross-device SDK and Chrome's ability to send tabs between devices.
Cross-device linking gets harder when devices span different platforms. Moving from an iPhone to a Windows laptop breaks Apple's continuity frameworks. This is where web-based deep links have an advantage: a URL works everywhere. If the deep link resolves to a web fallback on platforms where the native app is unavailable, the user can still reach the content.
The challenge is preserving context. If a user is midway through a checkout flow on their phone, the deep link that continues on another device needs to carry enough state to resume where they left off. This requires server-side session management and deep links that encode or reference session state.
Cross-device linking also intersects with privacy. Connecting a user's activity across devices requires some form of identity: an authenticated account, a shared iCloud identity, or a Google account. As privacy restrictions tighten, authenticated cross-device experiences become the primary reliable mechanism.
Super Apps and Mini Programs
In Western markets, each app is its own island. In much of Asia, the dominant model is the super app: a single application (like WeChat, Alipay, or Grab) that hosts hundreds or thousands of "mini programs" within it. WeChat alone has over 4 million mini programs serving more than a billion users.
Deep linking within a super app works differently. Instead of routing between independent apps via Universal Links or App Links, the super app provides its own internal routing mechanism. WeChat mini programs have their own URL schemes and page paths. Each super app is, in effect, its own operating system with its own navigation model.
Why does this matter outside Asia? Because elements of the super app model are appearing everywhere. App Clips and Instant Apps are conceptually similar to mini programs. Messaging apps like iMessage (with its App Store for iMessage) and Telegram (with its Bot API and Mini Apps) are becoming platforms that host smaller app experiences.
If this trend continues, deep linking will need to work not just at the operating system level (routing between apps) but also at the container level (routing within a host app to a specific mini experience). This adds another layer of complexity to the routing decision: "Open the full app, open the App Clip, open the mini program within SuperApp X, or fall back to the web?"
Decentralized Identity and Deep Links
The rise of passkeys and verifiable credentials is changing how authentication works on the web and in apps. Combined with blockchain-based identity solutions (see our article on deep linking and web3), these technologies have a closer relationship to deep linking than you might expect.
Passkeys, built on the FIDO2/WebAuthn standard, replace passwords with cryptographic key pairs stored on the user's device. Both Apple and Google have built passkey support into their operating systems, with sync via iCloud Keychain and Google Password Manager.
The intersection with deep linking comes in authentication handoff scenarios. Consider a link shared via email: "Click here to approve this transaction." That link needs to open the right app, authenticate the user, and present the transaction for approval. With passkeys, authentication can happen silently via the OS, making the deep link feel like a single action rather than a link-then-login-then-navigate sequence.
Verifiable credentials take this further. The W3C Verifiable Credentials Data Model defines a standard for digital credentials (age verification, employment status, educational qualifications) that can be presented without revealing unnecessary personal information. A deep link could carry a request for a specific credential: "Present your verified age to access this content." The user's digital wallet (Apple Wallet, Google Wallet, or a third-party app) handles the credential presentation.
This pattern, where a deep link carries not just a content destination but an authorization or identity request, is likely to become more common as digital identity infrastructure matures.
What Developers Should Do Now
The trends above are unfolding at different speeds, but they all point in the same direction. Here is what developers should prioritize today to be ready for what is coming.
Build on standards, not workarounds. Use Universal Links and Android App Links with verified HTTPS domains. For a full breakdown of what has changed, see our guide on deep linking standards in 2026. Custom URL schemes and fingerprinting-based deferred deep linking are technical debt that will only get harder to maintain as privacy restrictions tighten.
Structure your deep link schema thoughtfully. Every piece of content in your app should have a clean, predictable URL. This is not just about deep linking; it is about AI discoverability, search indexing, and future-proofing for surfaces that do not exist yet. Use RESTful patterns: /products/{id}, /orders/{id}/status, /articles/{slug}.
Invest in first-party data. As third-party tracking disappears, your own authenticated user base becomes your most valuable attribution asset. Encourage account creation. Use deep link parameters to carry campaign context. Build your own analytics and attribution pipeline around first-party data.
Support App Clips and Instant Apps. If your app has transactional flows (ordering, booking, payments), carve those out into lightweight experiences that can be triggered by deep links without requiring a full install. Our guide on deep linking with App Clips covers the implementation details. The upfront investment pays off in conversion rates.
Adopt passkeys. Replace password-based authentication with passkeys to reduce friction in deep link flows that require authentication. The combination of a deep link and a passkey creates an experience where the user taps a link and arrives authenticated at the right content with minimal friction.
Implement Handoff and cross-device support. Adopt NSUserActivity on Apple platforms and explore Google's Cross-device SDK. Even if cross-device usage is a small percentage of your traffic today, it is growing steadily as multi-device ownership increases.
Make your links surface-aware. Start thinking about how your deep links should behave on a watch, in a car, or on a smart display. You do not need to support every surface today, but designing your link routing with surface metadata in mind will make future adaptation easier.
How Tolinku Is Preparing
At Tolinku, we are building deep linking infrastructure with these trends in mind. Our approach is grounded in a few principles.
Standards first. Tolinku generates verified Universal Links and App Links by default, not custom URL schemes or JavaScript redirects. The underlying implementation uses the same domain verification that Apple and Google require, so your links work reliably today and will continue working as both platforms evolve.
Privacy by design. Our deferred deep linking carries contextual parameters through the install flow using first-party mechanisms, minimizing reliance on fingerprinting techniques that are being deprecated.
Multi-surface flexibility. As new devices and surfaces emerge, the routing logic behind a deep link will need to account for more variables. Tolinku's route configuration is designed to be extensible, so adding new destination types (App Clips, Instant Apps, PWAs) does not require rebuilding your link infrastructure from scratch.
Conclusion
The future of deep linking is not a single dramatic shift. It is a steady evolution driven by privacy regulation, new device form factors, AI-mediated interactions, and the continued convergence of web and native platforms.
The core concept remains the same: get the user to the right content in the right context. But "the right context" now means accounting for privacy constraints, device capabilities, authentication state, and whether the user is talking to a screen, a voice assistant, or an AI chatbot.
Developers who build on open standards and invest in clean URL architectures will be well-positioned regardless of which trends accelerate fastest. The links you build today should work on devices and interfaces that have not been invented yet. That is only possible if those links are built on HTTPS, verified domains, and flexible routing logic.
Deep linking got us from clumsy URL schemes to verified, content-addressable links. The next chapter takes those links everywhere: onto watches, into cars, through AI assistants, across devices, and into whatever surfaces come after. The fundamentals have not changed. The surface area has.
Get deep linking tips in your inbox
One email per week. No spam.
