feat: persist deeplink attribution with MMKV (#29542)

<!--
Please submit this PR as a draft initially.

Do not mark it as "Ready for review" until this PR meets the canonical
Definition of Ready For Review in `docs/readme/ready-for-review.md`.

In short: the template must be materially complete (not just section
titles
present), all status checks must be currently passing, and the only
expected
follow-up commits must be reviewer-driven.
-->

## **Description**
Mobile only kept deep-link UTM / attribution_id in memory (via
AppStateEventListener / processAttribution). After the first foreground
pass the deeplink is often cleared, and onboarding → Wallet Setup
Completed usually happens in a later session, so acquisition data was
lost and could not be attached to conversion analytics.

This PR adds a dedicated Redux slice for attribution with redux-persist
+ MMKV (separate from root filesystem persist). It exposes
saveAttribution, clearAttribution, and expireAttributionIfStale (default
7-day TTL). Data is written when:

* AppStateEventListener.processAppStateChange runs after
processAttribution() (still gated by dataCollectionForMarketing inside
processAttribution), and
* handleDeeplink sees a URI with acquisition params while marketing
consent is on (covers cold open / session split).

Privacy: No persistence when marketing consent is off; persisted data is
cleared when the user opts out of marketing data collection and when
onboarding is cleared (CLEAR_ONBOARDING). Root persist blacklists
attribution so it is not double-stored with the nested MMKV persist.

Includes unit tests for the slice (save / clear / expire), marketing
sagas, deeplink handler, app state listener, and persistConfig blacklist
expectations

Jira: https://consensyssoftware.atlassian.net/browse/TO-717
<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: null

## **Related issues**

Fixes:

## **Manual testing steps**

```gherkin
Feature: Persist deep-link attribution (marketing consent on)

  Scenario: User opens app from acquisition deeplink and survives process restart
    Given marketing data collection for analytics is enabled
    And the app handles a deeplink URL that includes utm_source (and optionally attribution_id/other utm_* params)

    When the user fully terminates the app and launches MetaMask again without using the same deeplink

    Then persisted Redux state under the attribution slice still contains the saved acquisition fields (and capturedAt) until TTL or opt-out

  Scenario: User disables marketing consent after attribution was saved
    Given marketing data collection for analytics was enabled
    And attribution had been persisted from a prior deeplink or foreground attribution capture

    When the user turns off marketing data collection for analytics in settings

    Then persisted attribution is cleared (no acquisition payload remains in the attribution slice)

```

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**
<img width="801" height="72" alt="Screenshot 2026-05-04 at 2 02 56 PM"
src="https://github.com/user-attachments/assets/7173f866-6b71-468f-868b-c5964d12cfe4"
/>

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

<!--
Every checklist item must be consciously assessed before marking this PR
as
"Ready for review". A checked box means you deliberately considered that
responsibility, not that you literally performed every action listed.

Unchecked boxes are ambiguous: they are not an implicit "N/A" and they
are not
a silent "skip". See `docs/readme/ready-for-review.md` for the full
checklist
semantics.
-->

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

#### Performance checks (if applicable)

- [ ] I've tested on Android
  - Ideally on a mid-range device; emulator is acceptable
- [ ] I've tested with a power user scenario
- Use these [power-user
SRPs](https://consensyssoftware.atlassian.net/wiki/spaces/TL1/pages/edit-v2/401401446401?draftShareId=9d77e1e1-4bdc-4be1-9ebb-ccd916988d93)
to import wallets with many accounts and tokens
- [ ] I've instrumented key operations with Sentry traces for production
performance metrics
- See [`trace()`](/app/util/trace.ts) for usage and
[`addToken`](/app/components/Views/AddAsset/components/AddCustomToken/AddCustomToken.tsx#L274)
for an example

For performance guidelines and tooling, see the [Performance
Guide](https://consensyssoftware.atlassian.net/wiki/spaces/TL1/pages/400085549067/Performance+Guide+for+Engineers).

## **Pre-merge reviewer checklist**

<!--
Reviewer checklist items follow the same semantics as the author
checklist: an
unchecked box is ambiguous, a checked box means the reviewer consciously
assessed that responsibility. See `docs/readme/ready-for-review.md`.
-->

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Introduces new persisted attribution state and wires it into
deeplink/app-state flows plus migrations; mistakes could incorrectly
retain or clear marketing acquisition data and impact analytics/privacy
expectations.
> 
> **Overview**
> Adds a new persisted `attribution` Redux slice to store acquisition
fields (`utm_*`, `attribution_id`) with a 7-day TTL, deduping, and
explicit `saveAttribution`/`clearAttribution`/`expireAttributionIfStale`
actions.
> 
> Attribution is now saved from both the legacy deeplink entrypoint
(when `security.dataCollectionForMarketing` is `true`) and from
`AppStateEventListener` after `processAttribution`, and the listener now
clears `currentDeeplink` after processing to avoid re-saving on
subsequent resumes.
> 
> On app start, persisted attribution is cleared if marketing consent
isn’t explicitly granted, otherwise stale records are expired; new sagas
also clear attribution on marketing opt-out and `CLEAR_ONBOARDING`. A
migration (`136`) imports any legacy MMKV-stored attribution into the
root persisted state and removes the old key, and selectors/tests are
added to validate the new behavior.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
4e3ac25. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: tommasini <tommasini15@gmail.com>

Author: grvgoel81

app/core/AppStateEventListener.test.ts

@@ -6,6 +6,14 @@ import { processAttribution } from './processAttribution';
 import { AnalyticsEventBuilder } from '../util/analytics/AnalyticsEventBuilder';
 import { analytics } from '../util/analytics/analytics';
 import ReduxService, { ReduxStore } from './redux';
+import { saveAttribution } from './redux/slices/attribution';
+
+function createMockReduxStore(): ReduxStore {
+  return {
+    dispatch: jest.fn(),
+    getState: jest.fn(() => ({})),
+  } as unknown as ReduxStore;
+}
 
 jest.mock('./DeeplinkManager/utils/extractURLParams', () => jest.fn());
 
@@ -86,9 +94,8 @@ describe('AppStateEventListener', () => {
   });
 
   it('tracks event when app becomes active and attribution data is available', () => {
-    jest
-      .spyOn(ReduxService, 'store', 'get')
-      .mockReturnValue({} as unknown as ReduxStore);
+    const mockStore = createMockReduxStore();
+    jest.spyOn(ReduxService, 'store', 'get').mockReturnValue(mockStore);
     const mockAttribution = {
       attributionId: 'test123',
       utm_source: 'source',
@@ -104,6 +111,14 @@ describe('AppStateEventListener', () => {
     mockAppStateListener('active');
     jest.advanceTimersByTime(2000);
 
+    expect(mockStore.dispatch).toHaveBeenCalledWith(
+      saveAttribution({
+        attribution_id: 'test123',
+        utm_source: 'source',
+        utm_medium: 'medium',
+        utm_campaign: 'campaign',
+      }),
+    );
     expect(AnalyticsEventBuilder.createEventBuilder).toHaveBeenCalledWith(
       MetaMetricsEvents.APP_OPENED,
     );
@@ -114,12 +129,46 @@ describe('AppStateEventListener', () => {
     expect(mockAnalytics.trackEvent).toHaveBeenCalledWith(
       mockEventBuilder.build(),
     );
+    expect(appStateManager.currentDeeplink).toBeNull();
+  });
+
+  it('clears currentDeeplink after processing so a later resume does not re-save attribution', () => {
+    const mockStore = createMockReduxStore();
+    jest.spyOn(ReduxService, 'store', 'get').mockReturnValue(mockStore);
+    (processAttribution as jest.Mock)
+      .mockReturnValueOnce({
+        attributionId: 'x',
+        utm_source: 'y',
+      })
+      .mockReturnValue(undefined);
+
+    appStateManager.setCurrentDeeplink('metamask://x');
+    mockAppStateListener('background');
+    mockAppStateListener('active');
+    jest.advanceTimersByTime(2000);
+
+    expect(appStateManager.currentDeeplink).toBeNull();
+    expect(mockStore.dispatch).toHaveBeenCalledWith(
+      saveAttribution({
+        attribution_id: 'x',
+        utm_source: 'y',
+      }),
+    );
+
+    (mockStore.dispatch as jest.Mock).mockClear();
+    mockAppStateListener('background');
+    mockAppStateListener('active');
+    jest.advanceTimersByTime(2000);
+
+    expect(mockStore.dispatch).not.toHaveBeenCalledWith(
+      expect.objectContaining({ type: saveAttribution.type }),
+    );
   });
 
   it('tracks event when app becomes active without attribution data', () => {
     jest
       .spyOn(ReduxService, 'store', 'get')
-      .mockReturnValue({} as unknown as ReduxStore);
+      .mockReturnValue(createMockReduxStore());
     (processAttribution as jest.Mock).mockReturnValue(undefined);
 
     mockAppStateListener('background');
@@ -164,7 +213,7 @@ describe('AppStateEventListener', () => {
     jest.clearAllMocks();
     jest
       .spyOn(ReduxService, 'store', 'get')
-      .mockReturnValue({} as unknown as ReduxStore);
+      .mockReturnValue(createMockReduxStore());
     const testError = new Error('Test error');
     (processAttribution as jest.Mock).mockImplementation(() => {
       throw testError;
@@ -206,7 +255,7 @@ describe('AppStateEventListener', () => {
     jest.clearAllMocks();
     jest
       .spyOn(ReduxService, 'store', 'get')
-      .mockReturnValue({} as unknown as ReduxStore);
+      .mockReturnValue(createMockReduxStore());
     (processAttribution as jest.Mock).mockReturnValue(undefined);
 
     mockAppStateListener('background');
@@ -225,7 +274,7 @@ describe('AppStateEventListener', () => {
     jest.clearAllMocks();
     jest
       .spyOn(ReduxService, 'store', 'get')
-      .mockReturnValue({} as unknown as ReduxStore);
+      .mockReturnValue(createMockReduxStore());
     (processAttribution as jest.Mock).mockReturnValue(undefined);
 
     // Simulate iOS background → inactive → active sequence
@@ -244,7 +293,7 @@ describe('AppStateEventListener', () => {
     jest.clearAllMocks();
     jest
       .spyOn(ReduxService, 'store', 'get')
-      .mockReturnValue({} as unknown as ReduxStore);
+      .mockReturnValue(createMockReduxStore());
     (processAttribution as jest.Mock).mockReturnValue(undefined);
 
     // Simulate iOS system permission dialog: active → inactive → active

app/core/AppStateEventListener.ts

@@ -4,6 +4,8 @@ import { MetaMetricsEvents } from './Analytics';
 import { AnalyticsEventBuilder } from '../util/analytics/AnalyticsEventBuilder';
 import { analytics } from '../util/analytics/analytics';
 import { processAttribution } from './processAttribution';
+import { saveAttribution } from './redux/slices/attribution';
+import { attributionPayloadFromProcessAttribution } from './redux/slices/attributionFromSources';
 import DevLogger from './SDKConnect/utils/DevLogger';
 import ReduxService from './redux';
 import generateDeviceAnalyticsMetaData from '../util/metrics';
@@ -90,6 +92,13 @@ export class AppStateEventListener {
         currentDeeplink: this.currentDeeplink,
         store: ReduxService.store,
       });
+      if (attribution) {
+        const persistedPayload =
+          attributionPayloadFromProcessAttribution(attribution);
+        if (persistedPayload) {
+          ReduxService.store.dispatch(saveAttribution(persistedPayload));
+        }
+      }
       // Note: User identification is handled when settings change individually
       // We only track the APP_OPENED event on app state transitions
       const appOpenedEventBuilder = AnalyticsEventBuilder.createEventBuilder(
@@ -104,6 +113,9 @@ export class AppStateEventListener {
         appOpenedEventBuilder.addProperties(attribution);
       }
       analytics.trackEvent(appOpenedEventBuilder.build());
+      // One-shot use for attribution: keeping currentDeeplink causes every
+      // background→active cycle to re-save and reset capturedAt (TTL).
+      this.currentDeeplink = null;
     } catch (error) {
       Logger.error(
         error as Error,

app/core/DeeplinkManager/handlers/legacy/__tests__/handleDeeplink.test.ts

@@ -1,5 +1,6 @@
 import { handleDeeplink } from '../handleDeeplink';
 import { checkForDeeplink } from '../../../../../actions/user';
+import { saveAttribution } from '../../../../redux/slices/attribution';
 import ReduxService from '../../../../redux';
 import Logger from '../../../../../util/Logger';
 import { AppStateEventProcessor } from '../../../../AppStateEventListener';
@@ -22,6 +23,9 @@ jest.mock('../../../../redux', () => ({
   default: {
     store: {
       dispatch: jest.fn(),
+      getState: jest.fn(() => ({
+        security: { dataCollectionForMarketing: true },
+      })),
     },
   },
 }));
@@ -67,6 +71,7 @@ jest.mock('../../../util/deeplinks/deepLinkAnalytics', () => ({
 
 describe('handleDeeplink', () => {
   const mockDispatch = ReduxService.store.dispatch as jest.Mock;
+  const mockGetState = ReduxService.store.getState as jest.Mock;
   const mockCheckForDeeplink = checkForDeeplink as jest.Mock;
   const mockLoggerError = Logger.error as jest.Mock;
   const mockSetCurrentDeeplink =
@@ -75,10 +80,12 @@ describe('handleDeeplink', () => {
   const mockHandleMwpDeeplink = SDKConnectV2.handleMwpDeeplink as jest.Mock;
   const mockTrackEvent = analytics.trackEvent as jest.Mock;
   const mockDetectAppInstallation = detectAppInstallation as jest.Mock;
-
   beforeEach(() => {
     jest.clearAllMocks();
     mockIsMwpDeeplink.mockReturnValue(false);
+    mockGetState.mockReturnValue({
+      security: { dataCollectionForMarketing: true },
+    });
   });
 
   it('processes valid URI and dispatch checkForDeeplink', () => {
@@ -92,6 +99,36 @@ describe('handleDeeplink', () => {
     expect(mockLoggerError).not.toHaveBeenCalled();
   });
 
+  it('dispatches saveAttribution when marketing consent is on and URI has acquisition params', () => {
+    const testUri =
+      'metamask://open?utm_source=email&utm_campaign=spring&attribution_id=abc123';
+
+    handleDeeplink({ uri: testUri });
+
+    expect(mockDispatch).toHaveBeenCalledWith(
+      saveAttribution({
+        utm_source: 'email',
+        utm_campaign: 'spring',
+        attribution_id: 'abc123',
+      }),
+    );
+    expect(mockDispatch).toHaveBeenCalledWith({ type: 'CHECK_FOR_DEEPLINK' });
+  });
+
+  it('does not dispatch saveAttribution when marketing consent is off', () => {
+    mockGetState.mockReturnValue({
+      security: { dataCollectionForMarketing: false },
+    });
+    const testUri = 'metamask://open?utm_source=email';
+
+    handleDeeplink({ uri: testUri });
+
+    expect(mockDispatch).not.toHaveBeenCalledWith(
+      expect.objectContaining({ type: saveAttribution.type }),
+    );
+    expect(mockDispatch).toHaveBeenCalledWith({ type: 'CHECK_FOR_DEEPLINK' });
+  });
+
   it('processes valid URI with source and passes source to setCurrentDeeplink', () => {
     const testUri = 'metamask://test-deeplink';
     const testSource = 'push-notification';

app/core/DeeplinkManager/handlers/legacy/handleDeeplink.ts

@@ -1,3 +1,5 @@
+import { saveAttribution } from '../../../redux/slices/attribution';
+import { attributionPayloadFromDeeplink } from '../../../redux/slices/attributionFromSources';
 import { checkForDeeplink } from '../../../../actions/user';
 import Logger from '../../../../util/Logger';
 import { AppStateEventProcessor } from '../../../AppStateEventListener';
@@ -30,6 +32,15 @@ export function handleDeeplink(opts: { uri?: string; source?: string }) {
   try {
     if (uri && typeof uri === 'string') {
       AppStateEventProcessor.setCurrentDeeplink(uri, source);
+      if (
+        ReduxService.store.getState().security.dataCollectionForMarketing ===
+        true
+      ) {
+        const payload = attributionPayloadFromDeeplink(uri);
+        if (payload) {
+          ReduxService.store.dispatch(saveAttribution(payload));
+        }
+      }
       dispatch(checkForDeeplink());
     }
   } catch (e) {

app/core/DeeplinkManager/types/deepLink.types.ts

@@ -22,6 +22,7 @@ export interface DeeplinkUrlParams {
   originatorInfo?: string;
   request?: string;
   attributionId?: string;
+  attribution_id?: string;
   utm_source?: string;
   utm_medium?: string;
   utm_campaign?: string;

app/core/processAttribution.test.tsx

@@ -100,6 +100,86 @@ describe('processAttribution', () => {
     });
   });
 
+  it('resolves attribution_id (snake_case) when attributionId (camelCase) is absent', () => {
+    (store.getState as jest.Mock).mockReturnValue({
+      security: { dataCollectionForMarketing: true },
+    });
+    (extractURLParams as jest.Mock).mockReturnValue({
+      params: {
+        attributionId: '',
+        attribution_id: 'snake-abc',
+        utm_source: 'twitter',
+        utm_medium: '',
+        utm_campaign: '',
+        utm_term: '',
+        utm_content: '',
+      },
+    });
+
+    const result = processAttribution({
+      currentDeeplink:
+        'metamask://connect?attribution_id=snake-abc&utm_source=twitter',
+      store,
+    });
+    expect(result).toEqual(
+      expect.objectContaining({ attributionId: 'snake-abc' }),
+    );
+  });
+
+  it('prefers camelCase attributionId over snake_case attribution_id', () => {
+    (store.getState as jest.Mock).mockReturnValue({
+      security: { dataCollectionForMarketing: true },
+    });
+    (extractURLParams as jest.Mock).mockReturnValue({
+      params: {
+        attributionId: 'camel-abc',
+        attribution_id: 'snake-abc',
+        utm_source: '',
+        utm_medium: '',
+        utm_campaign: '',
+        utm_term: '',
+        utm_content: '',
+      },
+    });
+
+    const result = processAttribution({
+      currentDeeplink:
+        'metamask://connect?attributionId=camel-abc&attribution_id=snake-abc',
+      store,
+    });
+    expect(result).toEqual(
+      expect.objectContaining({ attributionId: 'camel-abc' }),
+    );
+  });
+
+  it('does not populate attributionId when both camelCase and snake_case IDs are blank', () => {
+    (store.getState as jest.Mock).mockReturnValue({
+      security: { dataCollectionForMarketing: true },
+    });
+    (extractURLParams as jest.Mock).mockReturnValue({
+      params: {
+        attributionId: '',
+        attribution_id: '   ',
+        utm_source: 'news',
+        utm_medium: '',
+        utm_campaign: '',
+        utm_term: '',
+        utm_content: '',
+      },
+    });
+
+    const result = processAttribution({
+      currentDeeplink: 'metamask://connect',
+      store,
+    });
+    expect(result).toEqual(
+      expect.objectContaining({
+        attributionId: undefined,
+        utm_source: 'news',
+      }),
+    );
+  });
+
   it('handles empty UTM parameters gracefully', () => {
     (store.getState as jest.Mock).mockReturnValue({
       security: { dataCollectionForMarketing: true },

app/core/processAttribution.tsx

@@ -35,15 +35,21 @@ export function processAttribution({
     const { params } = extractURLParams(currentDeeplink);
     const {
       attributionId,
+      attribution_id,
       utm_source,
       utm_medium,
       utm_campaign,
       utm_term,
       utm_content,
     } = params;
 
+    // Prefer camelCase attributionId; fall back to snake_case attribution_id
+    // so URLs using either form are handled consistently.
+    const resolvedAttributionId =
+      attributionId?.trim() || attribution_id?.trim() || undefined;
+
     return {
-      attributionId,
+      attributionId: resolvedAttributionId,
       utm_source,
       utm_medium,
       utm_campaign,