Please note that all submissions to the site are subject to the wiki's licence, CC 4.0 BY-SA, as found here

Forced App Download Experience

From Consumer Action Taskforce
Revision as of 11:01, 17 January 2025 by Ixus (talk | contribs) (Created page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Forced app download experience is an experience where the user is forced by a business or government entity to download an app to their phone to perform basic tasks that could have otherwise been done on a standard web browser (e.g. adding a credit card for payments) or in real life (e.g. ordering a coffee).

The forced app download experience is becoming increasingly popular in many countries pushing digitalization. A prime example is Singapore whose government is all-in on digital everything, where it is impossible for anyone to have a bank account without using the bank's app and everyone must have a device that runs stock iOS or Android in order to download various government and business apps from their respective official app stores. Devices must also be running stock operating systems since most government and business apps conduct intrusive checks and will not run if a device is jailbroken or rooted.

Most companies (and likely most governments too) would love for this to happen in more countries across the globe because the forced app download experience allows for:

  1. Identification and tracking of users - not just on an account level and payments, but through deep device identifiers, location, network connection
  2. Push of the cashless agenda - digital-only payments typically go hand-in-hand with app-only experiences
  3. Increased digital integration - endless possibilities of integrating and sharing data with payment processors, ad providers,
  4. Increased centralization and dependency on big companies - putting more power in the hands of big tech (Apple and Google) with mandatory official app store downloads and big payments (Visa and Mastercard) with forced digital payments

Characteristics

The forced app download experience involves:

  1. Forcing download and use of app to interact with a business - Basic tasks like ordering, making payments, changing settings.
  2. Deliberately crippling or removing functionality from the web experience - Prevent users from having an alternative interface to perform basic tasks.
  3. Forcing users to always be on the latest version of an app - "For your security" (as they usually claim), most of these apps will constantly check for the latest version and self-disable if they are older than X versions (varies by company)

Key implications

User tracking and intrusion of privacy

The hallmarks of the forced app download experience are mandatory account creation and usage, and digital payments. This allows tracking of the user not just by the company behind the app, but the payment provider and any other associated third-party partners.

Mandatory use of "approved devices" and big tech operating systems

Apps are only available for download from official app stores, meaning consumers must use a device running iOS or Android.

Devices must also be running stock operating systems since most government and business apps conduct intrusive checks and will not run if a device is jailbroken or rooted.

Some companies such as big banks in Singapore have also started incorporating checks for "unverified apps" in their app. This means their app will scan your phone and check for sideloaded apps (anywhere that is not the official app store. For example, an app downloaded directly from APK Mirror or an unofficial app repository like F-Droid) as part of "anti-scam security measures that include restricting customers from accessing the banks’ digital services on their mobile phones if apps from unverified app stores – also known as sideloaded apps – are detected"[1]

Singapore banks will "restrict access if unverified apps AKA sideloaded apps are found on customers' phones" (News story from Sep 2023)

Examples

Banking and finance

All banks in Singapore (Citi, DBS, UOB, OCBC, Standard Chartered, CIMB) mandate use of their apps for consumers to perform any online banking activities, including logging in via their web browser.

Luckin Coffee, a China-origin Starbucks competitor, forces you to download their app to order and pay for coffee. You cannot order coffee at the cashier in their store, let alone pay. You must use the app to interact with this business and digital payments to pay.

The apps generate notifications that require users to approve/deny actions like logging in via a web browser, initiating a payment, adding a payee, etc via the app itself. Some banks previously offered sending an OTP via SMS (text) as an alternative to app-based approval but this has since been discontinued for "security reasons".

Utilities

SP Group is Singapore's primary and default electricity provider, as well as the country's only provider for gas and water for consumers. In 2022, SP Group removed the ability to manage payments from their website, forcing users to download and use their mobile app to pay bills/manage recurring payments[2].

As they are the country's only provider for gas and water, everyone in Singapore MUST download their app at some point.

  1. https://www.channelnewsasia.com/singapore/dbs-uob-anti-scam-sideloaded-app-malware-measure-latest-bank-restrict-app-access-3796806
  2. https://www.spdigital.sg/spapp/bill-payment
Retrieved from "https://wiki.rossmanngroup.com/index.php?title=Forced_App_Download_Experience&oldid=1664"