
I’ve worked on apps like this for companies like this. What happens is that their IT department mandates an expensive pen test for suppliers, anti-root requirements are on the pen-tester’s generic checklist, and most companies won’t push back on the pen test results. If you do, they normally fold and admit it’s not required.





Pen-testers? People do it for auditors as well! $OLD_JOB literally took one of the auditor’s questions to heart and decided that the question meant they needed to separate the databases physically for each client; they didn’t realize they could have just said “logically separated”. People are more scared of these checklists than they really should be.

It's literally only McDonalds though who goes to this degree and does so across different codebases in locales across the world. The departments you're talking about exist in many places, but no other big company has their apps be like this so consistently.

Other companies do similarly ridiculous things. I’ve personally had to push back on this in non-McDonalds companies, and I see others out there with the same kinds of problems. For instance, Starbucks has a different app for different countries, and they region-lock them. So if you have an Apple ID registered in one country and you visit another, you can’t install that country’s Starbucks app to order. Which is super unhelpful when there’s a language barrier because you are in a different country.

I've had the websites of two American store chains (Napa and Publix) block me while standing inside their stores because my prepaid eSIM from airhub.com geolocates to Israel. I'd really like to know what's in the heads of people who come up with this sort of crap.

> I'd really like to know what's in the heads of people who come up with this sort of crap.

They probably think that geolocation always perfectly works based on the physical location and don't consider edge cases like people with roaming SIMs (which is what I think a lot of those cheap data-only eSIMs effectively are) geolocating to their home country even when abroad.

Though by now you'd think that people are aware that e.g. the Google/Apple app store region locking basically locks out all tourists, but it seems that even that isn't necessarily common knowledge…



