5 Real-Life Examples of Mobile App Bugs That Harmed Major Companies

In theory, you know mobile app bugs are bad news.

But you don’t always realize just how serious their consequences can truly be.

That is, until you hear how they’ve impacted some of the biggest, most successful companies around the world.

That’s exactly why we’ve compiled a list of 5 of the worst mobile app bugs that shook major companies.

Some bugs on this list negatively impacted companies’ reputations, while others resulted in financial losses—and in some cases, both.

So, if you want to know how these bugs happened, how the companies responded to the fallout, and what can be done to prevent this from happening to you, read on.

The first example on our list comes from Sonos, an American manufacturer of audio equipment headquartered in Santa Barbara, CA.

Sonos is focused on providing its customers with a premium listening experience through headphones, speakers, home theater systems, soundbars, and various accessories.

But aside from a variety of state-of-the-art physical products, they also have no less than 3 apps, all serving different purposes that aim to improve the user experience.  

It all sounds great on paper: the users can control their Sonos system from any device, regardless of whether they’re using the older or newer versions of products.

So, where did things go wrong?

The issues started in May 2024, when Sonos rolled out the new, redesigned version of their primary app.

The goal was, naturally, to provide a better user experience, but the exact opposite ended up happening. 

Some of the issues that users called out included:

Simply put, the new version of the app made it impossible for users to perform basic functions, essentially rendering it useless.

All of this begs the question: How did Sonos let this happen?

In an interview with Reuters, their CEO Patrick Spence explained that a lack of proper testing and the eagerness to push out a lot of features all at once were to blame. 

The rushed decision to roll out the new version of the app resulted in a plethora of negative feedback from customers across different platforms.

Below, you can see a couple of the comments that upset users have left on the Sonos app feedback megathread on Reddit:

After a wave of negative reactions online, the company has made a commitment to:

But even so, the repercussions of this bug-filled release have already gone way beyond user disappointment.

It is being reported that Sonos will have to pay $20 to $30 million in the short term in order to fix the app and restore the trust of its partners and customers.

Spence explains: 

On top of everything else, the high cost of fixing the damage has pushed Sonos to lay off about 100 employees in August.

This unfortunate chain of events teaches a valuable lesson, though: 

Never underestimate the importance of thoroughly testing your app and squashing as many bugs as possible prior to releasing any updates.

It can save not only your resources, but your reputation, too.

Ola, India’s largest mobility platform and one of the largest ride-hailing companies in the world, has experienced not one, but two bugs that hurt both their bottom line and their reputation.

Back in 2015, a couple of young software engineers playing around with the Ola app stumbled upon a bug, notified the company about it, and—ended up getting ignored.

So, what actually happened?

As they were testing the app for vulnerabilities, they accidentally got access to a software code that made it possible for them to use Ola’s first-time customer promotion an unlimited number of times and top up their Ola Wallets with any amount of money.

Shubham Paramhans, one of the engineers in question—who is now Head of Engineering at a blockchain-based platform Rovi Network—explained how things went down: 

Paramhans went on to explain that this was possible because Ola allowed the same order ID code—provided to users when they book their first ride—to be used for an unlimited number of wallet recharges in any amount.

Although the two engineers were asked not to disclose the bug publicly, it remains unknown whether (and how many) app users may have accidentally found out about the unlimited free-ride hack before it had the chance to be fixed.

Ola issued the following statement regarding the whole situation: 

And while this bug will have certainly hurt Ola financially, this is not where the story ends.

After Ola confirmed that the free rides bug had been fixed, the ethical hacker duo uncovered that there was another bug—this time, causing harm to app users.

They explained that, while they were no longer able to top up their Ola Wallets, they were still able to access the usernames and passwords of Ola users when the devices were used in a shared network.

This security issue would allow hackers to enter the wallets of unsuspecting Ola users, order rides through their accounts, and have them pay.

Later on, Ola confirmed that all bugs had been fixed. 

However, even almost 10 years later, their issues with bugs seem to be far from over.

More recently, users have been reporting a bug that causes the app to book multiple vehicles for a single ride, harming both users and drivers.

All of these incidents point to the fact that, while bugs may seem small or insignificant, the repercussions can be serious.

In 2023, it was reported that the global fintech company Revolut found themselves faced with a bug that criminals used as a way to steal more than $20 million.

A bug in Revolut’s US payment system made it possible for cybercriminals to get refunds for payments that never went through in the first place.

They would attempt to make an expensive purchase knowing that the payment would be declined and—thanks to the bug—have Revolut refund the money that was never actually on their accounts in the first place.

They would then go to ATMs, withdraw the money, and repeat the process.

This went on for several months in 2022, and about $23 million got stolen before a partner bank in the US caught on and Revolut fixed the bug.

The Financial Times reported on the matter, explaining what exactly went wrong: 

And while the scheme affected Revolut’s corporate funds rather than customer accounts, it’s been revealed that the fintech giant experienced a data breach, too.

Namely, sensitive information like names, email and physical addresses, and even partial card information of over 50,000 users were exposed in the attack.

One affected user took to Reddit to share the concerning email they received.

It’s not surprising that this—combined with the fact that Revolut didn’t realize they were being stolen from for months—made Revolut’s users extremely concerned about the security of their data overall.

How can they be sure that their confidential information is truly being kept safe if a large-scale fraud like this doesn’t get flagged for a prolonged period of time?

While Revolut was able to retrieve 3 of the 23 million dollars that were stolen from them, earning back the trust of their users might turn out to be a more challenging task.

Despite its status as one of the biggest tech players in the world, Apple isn’t immune to bugs, either.

In 2019, a 14-year-old in Arizona FaceTimed his friend and was able to hear what was going on on the other end before the friend even answered the call.

Upon learning about the issue, his mother contacted Apple Support, Apple’s security team, and even took to social media to warn them about the security flaw in iOS 12.1 that could have had serious repercussions.

But to no avail.

No action was taken until a week later, when a developer reported the same thing and an article about it went viral.

The tech giant with over 2 billion users worldwide was criticized for being slow to take the matter seriously and protect its users. 

Before we discuss the fallout, though, let’s explain what actually happened.

Upon investigation, it was revealed that the issue would occur when a second person was added to a group FaceTime call.

The bug would then make it possible to capture the audio and video of the first person that was added to the call before they answer the phone, or—arguably even worse—if they never answer the call to begin with.

But, as we mentioned, it wasn’t just the potential for malicious use of the bug that raised concerns among users.

It was also the fact that such an easy-to-exploit bug was missed by Apple’s team.

Patrick Wardle, CEO of DoubleYou.io, a cybersecurity startup focused on protecting Apple devices, agrees. 

Knowing that they were potentially being listened in on without their knowledge is uncomfortable for private users as it is.

But the consequences for businesses could go far beyond uncomfortable, explains Sam McLane, Triage Security Analyst at Arctic Wolf Networks.

In that context, a lawyer from Houston, TX, filed a lawsuit against Apple for unspecified damages, claiming that the bug caused a private deposition with a client to be recorded by a third party without his knowledge.

According to official documentation, the court denied his motion to send the case back to a lower court and granted Apple’s motion to dismiss the case.

But even though nothing came of the lawsuit, this was one very expensive bug for Apple—it cost them a good portion of the trust their users had in their security levels.

Klarna, a Swedish fintech company that provides payment processing services also fell victim to a bug that endangered their users’ information.

In May 2021, this well-known buy now, pay later (BNPL) platform was flooded by users reporting that, upon trying to log into their accounts on the mobile app, they ended up in other users’ accounts.

And, to make matters worse, each login attempt would result in them accessing a different user’s account! 

But, unlike Apple, Klarna reacted quickly.

Only 31 minutes after the issue had been brought to their attention, Klarna took the app offline for maintenance.

In the official statement on their website, they clarified that:

The bug affected around 90,000 users and was confirmed by Klarna to be an internal error.

Although the issue was resolved quickly and without financial repercussions, Klarna still faced a loss of user confidence in its data security practices.

Given all this, the question of whether this incident could been avoided altogether comes up naturally.

In many cases, it can—with the help of thorough mobile app testing during which bug reporting tools are used.

Take our own solution, Shake, as an example.

Shake is an easy-to-use tool that streamlines the process of fixing potentially detrimental bugs by allowing testers and users to report bugs with ease.

All they need to do is shake the device, and a bug report is generated automatically.

Shake collects over 50 different data points crucial to fixing the bug—from environment data, recordings, and screenshots, to console logs and more.

This high level of detail allows developers to understand exactly what happened immediately: no back and forth, and no time wasted.

Now, did Klarna have protocols in place to shield their app from bugs?

They confirmed that yes, there were security protocols in place and testing was performed.

However, they did not manage to prevent the incident.

But even though sometimes safeguards can fail, it is still important for companies to do everything they can to prevent bugs and work on consistently improving their security practices.

With that, we wrap up our list of some of the worst mobile app bugs that caused serious harm to some of the most well-known companies in the world.

So, what can we learn from these incidents?

That bugs, no matter how minor they might seem, can ultimately cause serious financial, reputational, and even legal harm.

This makes app testing, thorough bug reporting, and robust security practices that much more important.

Combined, they can nip bugs in the bud—before they get the chance to escalate into serious issues with repercussions that can be difficult to recover from.