Applinks failing

Hello,

We're facing an issue with app links failing and falling back to browser website journeys. Our apple-app-site-association file is hosted publicly and the app to app journeys have been working correctly up to very recently - we are trying to identify any potential network infra changes that could have impacted the Apple CDN being able to retrieve the apple-app-site-association file.

We can see in the iPhone OS logs that the links cannot be verified by the swcd process, and using the app-site-association.cdn-apple.com/a/v1 api via curl can also see the CDN has no record of the AASA file.

Due to the traffic being SSL and to a high volume enterprise site it is difficult for use to trace activity through anything other that the source IPs - we cannot filter on user-agent for "AASA-Bot/1.0.0" as breaking the SSL would be impactful due to the load. Is it possible to get a network range used by the Apple CDN to retrieve the AASA file as this would help us identify potential blocking behaviour?

Thank you.

Try this :

  1. Plug a device into your Mac and open the Console App.
  2. Download the app to device while monitoring the logs on the Console App.
  3. Check for a line similar to swcd(CoreUtils)[3253] <Notice>: Added service 'applinks', appID ‘', domain ‘’ (you can filter the logs with “swcd”)

Check for any errors that may be occurring in the logs.

Additionally, here is a checklist I use when implementing Universal Links :

• Check your entitlements and ensure associated domains is present
• Check your domains and ensure that apple association website is downloadable via HTTP and HTTPS
• Check your App ID in asocial file and compare it to your entitlements
• Check that your app ID prefixes match
• Your .well-known takes precedence, if it is outdated Universal Links won’t work
• Ensure your SSL cert validation passes
• Redirects are not allowed

Rico


WWDR | DTS | Software Engineer

Thanks for the pointers above. We can see an error in the device logs with the swcd process (below), but we are trying to identify the ip sources for the CDN bots or a reasonably narrow subnet we can filter our logs on - we don't think anything has changed recently in our app entitlements, hosting location or AASA file format - if we could identify the subnet range the CDN bots work from it would help us zone in on our problem.

Request for '<private>' for task AASA-E9E77FFD-7D96-4B6C-91E8-F7B8EBC16E9D { domain: on….ai….ie, bytes: 0, route: cdn } denied because the CDN told us to stop with HTTP status 404: SWCERR00301 Timeout -- {"cause":"context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}

Applinks failing
 
 
Q