App DiscoveryAppleiOS 10TechnicalUser Acquisition

The iOS 10.3 Security Alert Is Killing App Store Downloads

By May 19, 2017 One Comment

At some point in early 2017, a few enterprising scammers figured out how to hijack iOS Safari via an infinite loop of custom URI scheme redirects. The result was essentially low-tech ransomware, and unfortunately it was realistic enough to trick many users into paying up. While this crisis had nothing to do with deep linking, the repercussions of fixing it have spread further than Apple anticipated.

The Problem in iOS 10.3

Apple fixed the custom URI scheme security hole in iOS 10.3, but one side-effect of this patch is a new confirmation alert when opening the App Store from Safari. And since all deep linking systems rely on redirecting through Safari to access the App Store, this means a new edge case that you must worry about for all deep links on iOS. It looks like this:

Here’s the problem: clicking Cancel on that dialog leaves your user stuck looking at a blank screen. There’s a good chance you just lost that user.

Branch’s iOS 10.3 Workaround

Branch built a workaround that adds a branded, customizable content preview with a CTA button, essentially giving the user a second chance to get things right. You can read all about how we did it, but this is what it looks like:

Adding a safety net like this is better than nothing, but the whole user experience is obviously far worse than before. The only question has been exactly how much worse, and we now have real data to show the repercussions of Apple’s change.

The Data on Decreased iOS 10.3 Conversion Rates

These results are calculated from a sampling of iOS Branch link activity on May 2, 2017.

So what does this actually mean? Let’s break it down:

Visitors Who Click Cancel

Safari does not allow clicks on this new Cancel button to be tracked directly. However, Branch can infer the number based on changes to other metrics we can measure, and in reality almost 19% of users are clicking it.

Installs Recaptured by “Second Chance” Screen

The good news is visitors still want your app — they are just getting confused by this new warning. When you give them another opportunity to click by showing a content preview with a CTA button, over 5% of them will continue to download successfully.

Why Apple Needs To Fix This

Here is the bottom line: even with a fix like the one offered by Branch, around 2.5% of organic iOS 10.3 installs are getting lost. This new warning screen appears to be a major roadblock for almost a fifth of iOS users, and while data shows a “second chance” screen helps, it is nowhere near enough to repair the damage.

Patching this ransomware-esque custom URI exploit was the right thing for Apple to do, but the App Store is unlike any other app. It is a core part of the iOS infrastructure. Applying such flawed UX to a critical platform component was a terrible decision.

And yes, if you care about organic acquisition (which you definitely should), you must be offering your users a fallback option until Apple fixes this issue. In the competitive mobile app world, having such an easy way to increase your installs by 1% is unheard of, and is absolutely worth the small amount of effort it takes.

There are now over 25,000 live apps on the Branch platform, so we are able to detect and mitigate new edge cases like these as soon as they occur. Even better, the patches are automatically rolled out to every app on the platform, usually without any additional work. If you’re tired of dealing with deep links that break without warning, give Branch a try today!

  • Edward Smith

    Great overview. Thanks Alex.
    I didn’t know Apple’s reasoning behind the change.
    Seeing actual numbers about how the change affects users is always useful — it definitely guides my user experience decisions.