When building Android apps that interact with passkeys or Universal Links, two key concepts come into play: Digital Asset Links (DAL) and Keystores. The following chart explains the concepts in detail
assetlinks.json
hosted on your domain, under:
https://yourdomain.com/.well-known/assetlinks.json
This file declares a secure link between your app and your domain by including your app’s package name and signing key fingerprint. Once this link is verified, Android allows your app to handle URLs and securely exchange credentials.
assetlinks.json
file — meaning that your keystore and your asset links setup are directly connected. When you generate a keystore (via Android Studio or command line), it produces a SHA-256 fingerprint that proves your app is authentic.