feat: social login attribution

[grvgoel81]

Description

• PR adds the same marketing attribution fields used on Wallet Setup Completed (utm_*, attribution_id, etc.) to Social Login Completed, so mid-funnel analysis can segment by campaign without funnel-only joins.
• This PR is stacked with TO-717/718 on the same branch, say so in the PR body or retarget so the diff matches
• Jira: https://consensyssoftware.atlassian.net/browse/TO-723

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

Feature: Social Login Completed attribution 

  Scenario: Google sign-in emits UTM when consent and persisted attribution exist
    Given marketing consent is enabled and attribution was persisted from a deeplink
    When the user completes Google social login successfully
    Then SOCIAL_LOGIN_COMPLETED includes utm_* and attribution_id consistent with Wallet Setup Completed

  Scenario: Apple sign-in emits UTM when consent and persisted attribution exist
    Given marketing consent is enabled and persisted attribution exists within TTL
    When the user completes Apple social login successfully
    Then SOCIAL_LOGIN_COMPLETED includes non-empty attribution string properties where stored

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Adds new persisted attribution state and wires deeplink/app-resume handling to save/expire/clear it based on marketing consent, which can affect analytics payloads and persistence behavior. Low functional user risk, but moderate risk of unintended attribution capture or regressions in onboarding analytics flows.

Overview
Adds a new persisted Redux attribution slice (MMKV-backed, TTL-expiring) to store acquisition fields (utm_*, attribution_id) captured from deeplinks/app-open attribution processing, gated by security.dataCollectionForMarketing.

Updates onboarding analytics to automatically attach these persisted attribution properties to WALLET_SETUP_COMPLETED (new wallet + SRP import) and to SOCIAL_LOGIN_COMPLETED, and ensures attribution is cleared on CLEAR_ONBOARDING or when marketing consent is disabled. Includes unit tests plus E2E fixture/expectation coverage to assert the attribution properties appear on wallet setup events.

^{Reviewed by Cursor Bugbot for commit 4cd0e59. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 4cd0e59. Configure here.}

[cursor]

Duplicate save path overwrites attribution_id on warm start

High Severity

When a deeplink with attribution_id (snake_case) opens the app from background, handleDeeplink correctly saves the full attribution (including attribution_id) via attributionPayloadFromDeeplink, which reads both attributionId and attribution_id from URL params. However, ~2 seconds later, processAppStateChange fires for the same deeplink and re-saves attribution via processAttribution, which only destructures attributionId (camelCase) from params — missing the snake_case variant entirely. Because the new payload lacks attribution_id, savePayloadMatchesExistingRecord sees a mismatch and overwrites the correct record, permanently losing the attribution_id field.

Additional Locations (1)

• app/core/DeeplinkManager/handlers/legacy/handleDeeplink.ts#L34-L43

 

^{Reviewed by Cursor Bugbot for commit 4cd0e59. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeWalletPlatform, SmokeAccounts, SmokeSeedlessOnboarding, SmokeIdentity
• Selected Performance tags: None (no tests recommended)
• Risk Level: medium
• AI Confidence: 88%

click to see 🤖 AI reasoning details

E2E Test Selection:
This PR introduces a comprehensive marketing attribution tracking system that persists UTM parameters and attribution IDs across app sessions. Key changes:

1. New Redux slice (attribution.ts): Adds a new persisted Redux slice for storing UTM params and attribution IDs with TTL logic. This is integrated into the root reducer and uses a separate MMKV-backed storage.

2. Onboarding flow modifications:

   • ChoosePassword/index.tsx (new wallet creation): Attaches attribution properties to WALLET_SETUP_COMPLETED analytics event
   • ImportFromSecretRecoveryPhrase/index.js (SRP import): Attaches attribution properties to WALLET_SETUP_COMPLETED analytics event
   • Onboarding/index.tsx (social login): Attaches attribution properties to SOCIAL_LOGIN_COMPLETED event

3. Deeplink handling: handleDeeplink.ts now saves attribution data when deeplinks are processed (if marketing consent is enabled)

4. AppStateEventListener: Saves attribution when app transitions from background to active state

5. Store infrastructure: New persist config, new MMKV storage adapter, new saga for clearing attribution on consent change/wallet delete, expireAttributionIfStale dispatched on persist complete

6. New E2E tests tagged SmokeWalletPlatform: Tests in new-wallet.spec.ts and import-wallet.spec.ts verify attribution params appear in analytics events

7. Test infrastructure: FixtureBuilder.ts gets new withPreloadedMarketingAttributionForWalletSetupAnalytics() method; initial-root-state.ts adds attribution state

Tag selection rationale:

• SmokeWalletPlatform: Directly tested by new E2E tests (analytics during new wallet and import wallet flows are tagged SmokeWalletPlatform). Also covers wallet lifecycle analytics tracking.
• SmokeAccounts: The new wallet creation (ChoosePassword) and SRP import flows are modified. These are core account management flows.
• SmokeSeedlessOnboarding: The social login flow in Onboarding/index.tsx is modified to include attribution properties. This directly affects seedless onboarding analytics.
• SmokeIdentity: The import wallet flow changes affect identity/sync features (the import-wallet spec also tests profile accounts sync). Per tag description, when changes touch account sync flows, also select SmokeIdentity.

The reducers/index.ts and store/index.ts changes are additive (new reducer, new dispatch) and shouldn't break existing functionality, but the onboarding flow changes warrant testing the full onboarding suite.

Performance Test Selection:
The changes add a new Redux slice with MMKV persistence and a new saga, but these are lightweight additions that run only during specific user actions (deeplink processing, app state transitions, onboarding). The MMKV storage is fast and the saga is event-driven. No significant performance impact is expected on app launch, login, account list rendering, or other measured flows. No performance tests are needed.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
89.2% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud