Limitations & Known Issues
This page documents limitations, edge-cases and known failure modes in the Detour deferred-linking architecture.
Privacy-oriented network features (Apple Private Relay, VPNs)
Services like iCloud Private Relay, consumer VPNs, or corporate proxies can obfuscate or change the client's IP address. Apple Private Relay in particular acts as a privacy proxy that masks the client's IP and may return a relay IP (and sometimes a coarse region) instead of the original IP.
Impact
- IP-based scoring (one of the strongest signals in our probabilistic match) can be invalidated or weakened. A missing or different IP reduces total match score and may cause false negatives (missed matches).
- If a click used one IP and the first-open has a Private Relay IP, IP equality check will fail; combined with other weak signals this may drop below threshold.
More about iCloud Private Relay
Apple’s iCloud Private Relay is an opt-in privacy service (part of iCloud+) that proxies and encrypts certain internet traffic from Apple devices so that no single party can see both who the user is and what sites they visit. It uses a two-hop architecture: an Apple-operated ingress relay and a third-party egress relay. The system is designed to preserve a user’s approximate region while masking their real IP address and DNS lookups.
When Private Relay is active:
- Who can use it: iCloud+ subscribers who enable Private Relay in iCloud settings.
- Where it runs: Private Relay protects web browsing in Safari and other unencrypted app traffic that the system can proxy; it is built into the OS networking stack and is transparent to the user once enabled. On iOS/macOS the service is toggled in iCloud settings.
It's recommended to enable copy link feature for ios users to increase the chances of a successful match.
iOS pasteboard & paste permission prompt
iOS shows a system prompt when an app reads the clipboard in certain contexts (to protect user privacy). Users might decline or the prompt may not appear in some flows. Clipboard contents can be a helpful signal for probabilistic matching.
Impact
- If the user denies paste access or the SDK cannot read the clipboard, the
pastedLinksignal is absent and match score can drop. - Clipboard-based UX improvements (copy-to-install) rely on correct user behavior — if users don’t copy or paste links, it yields no benefit.
Ad networks, redirect chains and referrer loss (Android and web)
Some ad networks, trackers or redirect chains (redirectors, trackers, link shorteners) can strip or rewrite URL query parameters or referrer information. On Android, the install referrer may not contain the expected click_id if an upstream redirect removed it.
Impact
click_idmay be missing at install time → deterministic matching impossible for that click. System must fall back to probabilistic matching (lower reliability).- Redirects may change the landing domain so assetlinks verification may differ.
Play Store referrer missing
Android Install Referrer generally provides referrer data, but:
- Some installs (e.g., pre-installs, sideloads, some Play store variants, external and internal tests) will not send referrer.
- Referrer may be delayed or lost if the Play Store and the app are not interacted with in expected ways.
Impact
- Deterministic match fails when the referrer is missing or malformed.
Probabilistic matching — false negatives & false positives
Probabilistic matching is inherently heuristic: it combines multiple signals and accepts a match above a threshold. Two failure modes exist:
- False negatives — a correct match is missed (score below threshold).
- False positives — an incorrect click is matched (score above threshold).
Impact
- False negatives reduce deferred attribution and degrade UX (user doesn't land in the expected content).
- False positives yield incorrect attribution (bad analytics) and a poor UX (user lands on wrong content).
Shared devices, browser privacy, & multiple users behind same IP
Household/shared-device scenarios, corporate devices, or NATs mean multiple distinct users may share similar fingerprints/IPs.
Impact
- Increased risk of false positives if two users on the same device or same network click different links in a short window.
- Confusing attribution for shared devices