May 19th, 2017
At some point in early 2017, a few enterprising scammers figured out how to hijack iOS Safari via an infinite loop of custom URI scheme redirects. The result was essentially low-tech ransomware, and unfortunately it was realistic enough to trick many users into paying up. While this crisis had nothing to do with deep linking, the repercussions of fixing it have spread further than Apple anticipated.
Apple fixed the custom URI scheme security hole in iOS 10.3, but one side-effect of this patch is a new confirmation alert when opening the App Store from Safari. And since all deep linking systems rely on redirecting through Safari to access the App Store, this means a new edge case that you must worry about for all deep links on iOS. It looks like this:
Here’s the problem: clicking Cancel on that dialog leaves your user stuck looking at a blank screen. There’s a good chance you just lost that user.
Branch built a workaround that adds a branded, customizable content preview with a CTA button, essentially giving the user a second chance to get things right. You can read all about how we did it, but this is what it looks like:
Adding a safety net like this is better than nothing, but the whole user experience is obviously far worse than before. The only question has been exactly how much worse, and we now have real data to show the repercussions of Apple’s change.
These results are calculated from a sampling of iOS Branch link activity on May 2, 2017.
So what does this actually mean? Let’s break it down:
Safari does not allow clicks on this new Cancel button to be tracked directly. However, Branch can infer the number based on changes to other metrics we can measure, and in reality almost 19% of users are clicking it.
The good news is visitors still want your app — they are just getting confused by this new warning. When you give them another opportunity to click by showing a content preview with a CTA button, over 5% of them will continue to download successfully.
Here is the bottom line: even with a fix like the one offered by Branch, around 2.5% of organic iOS installs are getting lost. This new warning screen appears to be a major roadblock for almost a fifth of iOS users, and while data shows a “second chance” screen helps, it is nowhere near enough to repair the damage.
Patching this ransomware-esque custom URI exploit was the right thing for Apple to do, but the App Store is unlike any other app. It is a core part of the iOS infrastructure. Applying such flawed UX to a critical platform component was a terrible decision.
And yes, if you care about organic acquisition (which you definitely should), you must be offering your users a fallback option until Apple fixes this issue. In the competitive mobile app world, having such an easy way to increase your installs by 1% is unheard of, and is absolutely worth the small amount of effort it takes.
There are now over 25,000 live apps on the Branch platform, so we are able to detect and mitigate new edge cases like these as soon as they occur. Even better, the patches are automatically rolled out to every app on the platform, usually without any additional work. If you’re tired of dealing with deep links that break without warning, give Branch a try today!