AssetLinks.json Validator

Method 1: Using keytool (Recommended)

Use the Java keytool utility included with your JDK:

keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android

For release keystore:

keytool -list -v -keystore /path/to/my-release-key.jks -alias my-key-alias

Look for the "SHA256:" line in the output. Copy only the 64-character hexadecimal part (after "SHA256: ") and convert it to the colon-separated format for assetlinks.json.

Method 2: From Google Play Console

If your app is already published on Google Play:

1. Go to your app in Google Play Console
2. Navigate to Settings > App signing
3. Find "App signing certificate"
4. Click "Details" to view the SHA-256 fingerprint
5. Copy the SHA-256 value (already in colon-separated format)

Note: This is your release certificate fingerprint. For debug builds, you still need to use keytool with your debug keystore.

Method 3: Using Android Studio

In Android Studio:

1. Open Build > Analyze APK
2. Select your signed APK
3. Navigate to the Certificates tab
4. Look for the SHA-256 fingerprint in the certificate details

Error: File Not Found (404)

Problem: assetlinks.json is not accessible at /.well-known/assetlinks.json

Solution:

• Verify the file exists at the correct path: https://your-domain.com/.well-known/assetlinks.json
• Check that the .well-known directory exists and is readable
• Ensure file permissions allow web server access
• Verify the filename is spelled correctly (case-sensitive)

Error: Wrong Content-Type

Problem: Server returns wrong Content-Type (e.g., text/plain or text/html instead of application/json)

Solution:

• Configure your web server to serve assetlinks.json with Content-Type: application/json
• For Apache: Add AddType application/json .json to .htaccess
• For Nginx: Add types { application/json json; } to config
• For Node.js/Express: Use middleware like express-static with proper MIME type configuration

Error: HTTP Instead of HTTPS

Problem: assetlinks.json is served over HTTP instead of HTTPS

Solution:

• Configure your domain to use HTTPS with a valid SSL certificate
• Redirect all HTTP traffic to HTTPS
• Android App Links require HTTPS for security reasons
• Use a service like Let's Encrypt for free SSL certificates

Error: Invalid JSON Format

Problem: assetlinks.json contains malformed JSON (syntax errors)

Solution:

• Validate JSON syntax using an online JSON validator
• Check for missing commas between array/object elements
• Ensure all quotes are properly closed and escaped
• Verify no trailing commas exist in arrays or objects
• Use a code editor with JSON syntax highlighting

Error: Wrong SHA-256 Fingerprint

Problem: SHA-256 fingerprint in assetlinks.json doesn't match your app's signing certificate

Solution:

• Re-verify your SHA-256 fingerprint using keytool or Google Play Console
• Ensure format is correct: 64-char hex with colons every 2 characters
• Include fingerprints for BOTH debug and release certificates
• Check that you're using the right keystore file
• Verify the app you're testing is signed with the certificate in assetlinks.json

Error: Wrong Package Name

Problem: Package name in assetlinks.json doesn't match your app's AndroidManifest.xml

Solution:

• Open your AndroidManifest.xml and find the exact package name in the manifest tag
• Update assetlinks.json with the exact same package name
• Package names are case-sensitive
• Don't include activity or service names; use only the root package

Error: No Automatic App Opening

Problem: Links still show app chooser despite valid assetlinks.json

Solution:

• Ensure AndroidManifest.xml has android:autoVerify="true"
• Uninstall the app completely and reinstall fresh from Google Play or signed APK
• Android verifies assetlinks.json during installation; reinstalling re-triggers verification
• Clear app data and cache, then reinstall
• Wait 24-48 hours for Play Console to update distribution if recently changed

Error: Multiple Signing Certificates Not Included

Problem: assetlinks.json only includes release fingerprint, but debug builds fail

Solution:

• Add both debug and release SHA-256 fingerprints to the sha256_cert_fingerprints array
• This allows both development testing and production builds to work
• Include fingerprints for any other signing certificates you use

Q: What is assetlinks.json and why do I need it?

assetlinks.json is a security configuration file that establishes a verified relationship between your Android app and website domain. Without it, Android shows an app chooser dialog when users click links to your domain. With proper assetlinks.json setup, Android automatically opens qualifying links directly in your app, creating a seamless user experience. This automatic behavior is called Android App Links.

Q: Where exactly should I place the assetlinks.json file?

The file must be placed at https://your-domain.com/.well-known/assetlinks.json. The .well-known directory must be at the root of your domain, and the file must be publicly accessible and served over HTTPS with the Content-Type header set to application/json.

Q: What is a SHA-256 certificate fingerprint and how do I get it?

A SHA-256 certificate fingerprint is a unique 64-character hexadecimal identifier for your app's signing certificate. Android uses it to verify that your app is authorized to handle links for your domain. You can get it using three methods: (1) the keytool command with your keystore file, (2) Google Play Console for release certificates, or (3) Android Studio's APK analyzer. You need fingerprints for both debug and release certificates.

Q: Why aren't my Android App Links working even though assetlinks.json looks correct?

Common causes include: (1) wrong or mismatched SHA-256 fingerprint, (2) wrong package name, (3) missing android:autoVerify="true" in AndroidManifest.xml, (4) assetlinks.json not served over HTTPS, (5) incorrect Content-Type header, or (6) the app was installed before assetlinks.json was deployed. Try uninstalling and reinstalling the app, and use this validator to check for configuration issues.

Q: Can I have multiple apps or packages in the same assetlinks.json file?

Yes, assetlinks.json is an array that can contain multiple relation objects. You can include entries for multiple apps (different package names) and multiple signing certificates (different SHA-256 fingerprints). This is useful if you have multiple apps using the same domain, or multiple signing keys across different build flavors or environments.

Q: Do I need both debug and release SHA-256 fingerprints in assetlinks.json?

Yes, if you want Android App Links to work for both development and production. The debug fingerprint is for testing on development devices with unsigned/debug builds. The release fingerprint is for the production app distributed via Google Play. Include both in the sha256_cert_fingerprints array as separate entries.

Q: What is the difference between assetlinks.json and AASA?

assetlinks.json (Digital Asset Links) is for Android App Links and is published by Android apps on their website domain. AASA (apple-app-site-association) is for iOS Universal Links and is hosted on the website. Both achieve the same goal on different platforms: allowing apps to claim ownership of links to their domain without showing a chooser dialog. Websites often host both files to support Android and iOS app linking.

Q: How can I test if my assetlinks.json is working correctly?

Use this free assetlinks.json validator to check your configuration immediately. For real-world testing, install your app on an Android device and click links to your domain in a browser or from another app. If configured correctly, the link will open directly in your app without showing the app chooser. You can also check the Android system logs for verification messages. Allow 24-48 hours for Play Console to update distribution if you recently changed signing certificates.