Branch

Overview

Branch (Branch.io) is a mobile measurement and deep linking platform used by app developers to bridge the gap between web and mobile app experiences. The platform's two core capabilities are mobile attribution — connecting web marketing campaigns to app installs and in-app events — and deep linking — routing users from web links through the app installation process directly to specific in-app content, even for users who do not yet have the app installed (deferred deep linking).

Branch is widely used by mobile app companies with a significant web marketing presence — SaaS products, e-commerce apps, media apps, and consumer apps that want to measure which web campaigns drive app installs and post-install conversions.

What This Script Does

The Branch Web SDK (cdn.branch.io/branch-latest.min.js) deploys on web landing pages and attribution measurement pages:

Campaign click tracking: When a visitor arrives from a paid campaign link (typically a Branch smart link), the SDK captures the click parameters — campaign name, ad group, creative, and channel. These parameters are stored in a first-party cookie and transmitted to Branch's servers to record the attribution touchpoint. Cookie names include branch_session and branch_session_first, which persist for 7 days by default.

Fingerprint-based attribution: For scenarios where cookies are blocked or unavailable, Branch uses probabilistic fingerprinting — collecting device signals (IP address, user agent, screen dimensions, browser language, timezone) to create a probabilistic device identifier for attribution matching. This fingerprint is compared against app install events reported by the Branch mobile SDK to attribute installs without cookies.

App store redirect and deferred deep linking: Branch smart links detect the visitor's device OS and redirect them to the appropriate app store (Google Play or Apple App Store). After installation, the Branch mobile SDK retrieves the deferred deep link data — the specific in-app destination the web visitor originally clicked toward — and navigates the user to that content on first app launch.

Conversion event tracking: The SDK fires conversion events (e.g., registration completed, purchase completed, content viewed) on web pages that follow app installs, enabling Branch to report post-install conversion rates attributed to each campaign.

Cross-device identity matching: If the user is authenticated, Branch can link the web cookie identifier to the in-app user identifier, building a cross-device view of the customer journey from web ad click through app install to in-app conversion.

Consent & Compliance

Branch is an analytics and marketing attribution tool with significant cross-device tracking implications:

• GDPR / ePrivacy: The attribution cookies (branch_session, branch_session_first) require prior opt-in consent under the ePrivacy Directive. The probabilistic fingerprinting component — collecting device signals to create a unique identifier for attribution — constitutes processing of personal data under GDPR and requires consent. Cross-device identity linking is particularly sensitive under GDPR Article 22 (automated decision-making and profiling).
• IAB TCF purposes: Branch's processing maps to IAB TCF Purpose 1 (Store/access device information), Purpose 7 (Measure ad performance), and Purpose 9 (Apply market research to generate audience insights).
• CCPA: Attribution data linking web behavior to app install and in-app events constitutes personal information. Sharing this with advertising networks for campaign measurement may qualify as a "sale" or "sharing" under CCPA.
• EU-US transfers: Branch is a US-based company. Branch participates in the EU-US Data Privacy Framework for transatlantic personal data transfers.

Should You Block This Without Consent?

Yes. Branch tracks users across the web-to-app funnel using persistent attribution cookies and probabilistic fingerprinting. This is marketing attribution technology that requires explicit consent under GDPR and ePrivacy before activation.