AppsFlyer

AppsFlyer

Mobile attribution and marketing analytics platform. AppsFlyer scripts connect web touchpoints to app installs and in-app purchases, providing a full-funnel view of campaign performance across paid, organic, and owned channels.

Back to Vendor Library

Overview

AppsFlyer is a mobile attribution and marketing analytics platform that connects web-based touchpoints — landing pages, ad clicks, and campaign URLs — to mobile app installs and in-app events, providing full-funnel measurement across paid, organic, and owned channels. Its web SDK is deployed on landing pages, web-to-app conversion flows, and mobile web properties.

What This Script Does

Web SDK and Attribution Capture The AppsFlyer Web SDK loads from appsflyer-sdk.com or via a first-party domain configured by the operator. On page load, it:

  • Captures attribution parameters from the referring URL: UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content), AppsFlyer click IDs (af_click_id), and ad network-specific click parameters
  • Identifies the user's device, browser, OS, and approximate geolocation (via IP address)
  • Sets a first-party attribution cookie to persist the click attribution through the web-to-app transition
  • Fires a page view event to AppsFlyer's collection servers at impression-us-east-1.appsflyer.com or impression-us-west-1.appsflyer.com

OneLink Deep Linking AppsFlyer's OneLink feature handles smart redirect links that route users to the appropriate destination based on device type:

  • iOS users → App Store listing or direct app deep link
  • Android users → Google Play listing or direct app deep link
  • Desktop users → web fallback page

OneLink intercepts clicks via a redirect at {brand}.onelink.me or a custom domain, capturing the device and attribution context before forwarding the user. This enables attribution to be maintained through the app store install and first app launch.

Conversion Events The Web SDK fires conversion events at key funnel points — typically when a user reaches a landing page from a paid campaign, submits a lead form, or initiates a web-to-app flow. Events sent include:

  • Event name (e.g., "af_complete_registration", "af_purchase", custom event names)
  • Conversion value (optional revenue parameter)
  • Attribution context (the campaign, ad set, and ad that drove the conversion)

Cookies set:

  • af_id (first-party, varies — typically 90 days to 1 year) — AppsFlyer visitor identifier for web-to-app attribution persistence
  • afUserId (first-party, varies) — AppsFlyer user identifier for conversion matching
  • Attribution parameter storage in localStorage to survive browser restarts

Domains contacted: appsflyer-sdk.com, impression-us-east-1.appsflyer.com, impression-us-west-1.appsflyer.com, t.appsflyer.com, {brand}.onelink.me

Data collected per session: IP address, User-Agent, device type, OS version, browser, language, referrer URL, full landing page URL and query parameters, UTM parameters, ad network click IDs, screen dimensions, timestamp.

Consent & Compliance

GDPR/ePrivacy: AppsFlyer performs cross-device attribution tracking that links web behavior to mobile app activity. The attribution cookies (af_id, afUserId) and the IP-based device fingerprinting used for probabilistic attribution require explicit opt-in consent under GDPR Article 7 and the ePrivacy Directive. Probabilistic matching using IP address and device signals without cookies constitutes processing personal data even without a cookie.

CCPA/CPRA: AppsFlyer's attribution data — linking ad clicks to app installs and in-app purchases — constitutes personal information that may be shared with ad network partners for attribution reporting, qualifying as sharing personal information under CCPA. Opt-out requests via Global Privacy Control (GPC) must be honored.

EU-US Data Transfers: AppsFlyer Ltd. (Israeli entity) processes data subject to Israeli data protection law. Data transferred to AppsFlyer's US servers is covered by Standard Contractual Clauses. Israel has an EU adequacy decision for data transfers.

IAB TCF: AppsFlyer is registered as an IAB TCF vendor. Attribution tracking maps to IAB TCF Purposes 1, 2, and 7.

Consent category: Analytics and Marketing (mobile attribution and campaign measurement).

Should You Block This Without Consent?

Yes. AppsFlyer tracks users across the web-to-app funnel for advertising attribution and campaign measurement. Both the attribution cookies and the probabilistic fingerprinting (IP + device signals) require consent under GDPR and ePrivacy. Block the AppsFlyer Web SDK until analytics or marketing consent is granted. For sites targeting EU users, ensure the SDK initialization is deferred until after consent is obtained, and configure AppsFlyer's privacy-preserving mode for non-consenting users.

Visit website

Consent Categories

Analytics
Marketing

Also Known As

AppsFlyer SDKmobile attributionapp install trackingAppsFlyer pixeldeep linkingmobile analytics

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Tracked Domains (3)

appsflyer.comMarketing
cdn-sdk.appsflyer.comMarketing
onelink.meMarketing

Frequently Asked Questions

Is consent required for AppsFlyer on my website?

Yes. AppsFlyer performs cross-device attribution linking web behavior to mobile app activity using attribution cookies and IP-based device fingerprinting. Both require explicit consent under GDPR and ePrivacy. It is classified as analytics and marketing and must be blocked until the visitor opts in.

What does AppsFlyer collect?

AppsFlyer captures UTM parameters, af_click_id, device type, OS, browser, IP address, referrer URL, and screen dimensions. It sets af_id (90 days to 1 year) and afUserId cookies and stores attribution data in localStorage. Scripts load from appsflyer-sdk.com and send data to impression-us-east-1.appsflyer.com and t.appsflyer.com.

How does ConsentStack handle AppsFlyer?

ConsentStack detects AppsFlyer through its SDK domain at appsflyer-sdk.com and cookie names including af_id and afUserId. It classifies the vendor as analytics and marketing, blocking the Web SDK until the visitor consents. ConsentStack prevents both cookie-based attribution and probabilistic fingerprinting from starting before consent.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for AppsFlyer

ConsentStack automatically detects and manages AppsFlyer trackers so your site stays compliant with global privacy regulations.

Get started free