I have not been able to confirm this anywhere, so maybe someone here can. I know that when targeting iOS 9+ and using HTTPS one can implement Universal Links with plaintext app-site-association-file.
I also know, that when supporting Handof/Shared Web Credentials, the file needs to be signed.
What I'm interested in is whether Universal Links will work with signed file avaiable via HTTP?
For those wondering - no you cannot. Even when using a signed file (which was a requirement for Handoff and Shared Web Credentials in iOS 8), the connection still needed to be accesible via HTTPS.
Reference from docs :
The file must meet the following requirements:
The file must be hosted on an https:// site with a valid certificate (for example, Safari must not issue a certificate warning when viewing the site).
The file must not use any redirects.
The file must have the MIME type application/pkcs7-mime.
The file must be CMS signed by a valid TLS certificate.