What Is a URI Scheme
A URI scheme is a custom protocol identifier that a mobile app registers with the operating system to handle specific URL patterns. Just as https:// tells a browser to use the HTTP protocol, a custom scheme like myapp:// tells the OS to route the URL to your app. The format follows the standard URI syntax: scheme://host/path?query, where the scheme is your custom identifier and the remaining components define the destination within your app.
When a user taps a link with a registered URI scheme, the operating system looks up which app has registered that scheme and launches it, passing the full URL as a parameter. The app then parses the URL to extract the path and query parameters, using them to navigate the user to the correct screen or content. This mechanism has been available since the earliest versions of iOS and Android, making it the most widely supported form of deep linking.
The simplicity of URI schemes is both their strength and their weakness. They require minimal setup, just a manifest entry and a URL handler, but they lack the security, reliability, and fallback capabilities of modern alternatives like Universal Links and App Links.
How URI Schemes Work on Each Platform
On iOS, you register a URI scheme by adding a URL Types entry in your app's Info.plist file. Each entry specifies a URL scheme identifier and the scheme string itself. When iOS encounters a URL with your registered scheme, it launches your app and calls the application(_:open:options:) method in your app delegate, passing the full URL. Your app parses the URL components and routes the user accordingly.
On Android, URI schemes are handled through intent filters in the AndroidManifest.xml. You declare an intent filter with the VIEW action, BROWSABLE category, and a data element specifying your scheme, host, and path patterns. When Android encounters a matching URL, it creates an intent and delivers it to your activity. If multiple apps have registered the same scheme, Android displays a disambiguation dialog asking the user to choose.
The key difference between platforms is how they handle conflicts. iOS does not show a chooser dialog, if multiple apps register the same scheme, the behavior is undefined and the OS picks one without user input. Android at least gives the user a choice, but the disambiguation dialog adds friction and confusion. Neither platform verifies ownership of custom schemes, which is why they are considered insecure for user-facing links.
Limitations and Security Concerns
URI schemes have several fundamental limitations that make them unsuitable as the primary deep linking mechanism for growth campaigns. The most critical issue is the lack of fallback behavior. When a user taps a myapp:// link and the app is not installed, the result varies by platform and context, it might show an error, do nothing, or display a confusing system prompt. There is no built-in mechanism to redirect the user to a web page or the app store.
The absence of ownership verification creates security risks. Any app can register any URI scheme, and there is no way to prevent a malicious app from claiming your scheme. On iOS, this can lead to URL hijacking where a different app intercepts links intended for yours. On Android, the disambiguation dialog mitigates this somewhat, but it still creates a poor user experience and potential phishing vector.
URI schemes also do not work consistently across all contexts. Many apps and web views strip or block custom schemes for security reasons. Social media apps, email clients, and messaging platforms increasingly restrict URI scheme links, either blocking them outright or opening them in an embedded web view where the scheme cannot be resolved. This makes URI schemes unreliable for links shared through the channels where growth campaigns typically operate.
When to Use URI Schemes Today
Despite their limitations, URI schemes still serve valid purposes in specific scenarios. The most common use case is app-to-app communication within a controlled ecosystem. If you operate multiple apps and need them to launch each other with specific parameters, URI schemes provide a straightforward mechanism. Since you control both the sending and receiving apps, the ownership and fallback concerns are manageable.
Internal routing is another appropriate use case. Some apps use URI schemes internally to handle navigation from push notifications, widgets, or system extensions. The link never leaves your controlled environment, so the security and fallback limitations do not apply. This pattern is especially common in apps with complex navigation hierarchies where a URI-based routing system simplifies deep navigation.
URI schemes also serve as a fallback layer in sophisticated deep linking implementations. Linkrunner and similar platforms use URI schemes as one component in a multi-layered routing strategy. The primary link uses Universal Links or App Links for verified, seamless app opens. If those fail, due to edge cases in OS behavior or user settings, the system can attempt a URI scheme as a secondary mechanism before falling back to a web experience. This layered approach maximizes the probability of delivering the user to the intended in-app content.
Migrating from URI Schemes to Modern Deep Links
If your app currently relies on URI schemes for user-facing links, migrating to Universal Links and App Links should be a priority. The migration does not require removing URI scheme support, you should maintain it as a fallback, but your primary linking strategy should use verified HTTPS-based links.
Start by setting up your domain verification files. Host the apple-app-site-association file for iOS and the assetlinks.json file for Android on your domain. Configure the path patterns to match your existing URI scheme routes. Then update your app to handle both incoming Universal Links or App Links and legacy URI scheme links, routing both to the same internal navigation logic.
The most challenging part of migration is updating all existing links in the wild. Campaign links, shared links, QR codes, and partner integrations may all reference your URI scheme. Create a transition plan that prioritizes high-traffic link sources first. Update your campaign management tools to generate HTTPS-based links going forward, and implement server-side redirects that detect URI scheme links and upgrade them to their HTTPS equivalents where possible.
Test the migration thoroughly on physical devices across multiple OS versions. Pay special attention to edge cases like links opened from email clients, social media apps, and messaging platforms, these are the contexts where URI schemes fail most often and where the migration will have the biggest positive impact on user experience and conversion rates.
