How to Use QR Codes for App Downloads

The five seconds where installs go to die

App-install funnels look simple from the outside and brutal once you measure them. Picture the journey: a customer scans a QR on a poster, a browser opens, a redirect runs, an interstitial appears, the App Store loads, the install button waits for a tap, the OS prompts for Face ID or password, the install runs, and the customer opens the app for the first time. Every step in that chain leaks. Industry telemetry from mobile measurement vendors puts the typical scan-to-install conversion at 15 to 30% for well-targeted campaigns and under 5% for poorly placed ones. The point is not that the steps are individually slow. The point is that each one is a chance for the customer to remember they were doing something else.

The right design treats every step as a tax to be minimized. Skip any landing page that does not earn its place. Pre-fill any field you can. Open the destination in the OS-native flow rather than an in-app browser whenever possible. The QR code use cases overview frames this drop-off pattern across categories, and the same logic applies sharper here because app installs already require the customer to part with storage and account credentials.

Raw store URL, universal link, or smart link

The simplest QR encodes a raw App Store or Google Play URL. This works only if you know your audience runs one platform. Conference badges for an iOS-only enterprise tool and packaging inserts for an Android-only emerging-market product can ship raw URLs without harm. Anything broader needs routing.

Apple universal links and Android App Links go one layer up. A universal link like https://yourapp.com/welcome opens the installed app directly if it is present, and falls back to the web page if it is not. The web page can sniff the user agent and redirect to the correct store. This is the right choice for organizations that already run a marketing site and want the QR to support both new acquisition and re-engagement of existing users.

Smart-link services such as Branch, Adjust, Kochava, and Firebase Dynamic Links wrap this routing logic into a single short URL. A Branch link looks like https://yourapp.app.link/abc123 and handles iOS, Android, desktop, and the deferred-deep-linking step (more on that below) without you writing the routing yourself. Firebase Dynamic Links uses https://yourapp.page.link/xyz with similar semantics. The trade-off is operational dependency: when a smart-link vendor has an outage or sunsets its product (Firebase Dynamic Links is winding down by August 2025), every QR you printed inherits that fragility. For long-lived physical placements like product packaging and outdoor signage, prefer your own universal-link domain over a vendor wrapper, and use vendor wrappers for time-bound campaigns where the QR will retire before any deprecation matters.

Device routing without an interstitial page

The dream is a printed QR that opens the App Store for iPhone users and Google Play for Android users without showing the customer a landing page in between. Universal links and App Links deliver that for users who have the app, but not for first-time installers. For the first-time path, you do need a router page, and the design goal is to make it invisible.

A well-built router page weighs under 10 KB, ships inline CSS, and runs a one-line JavaScript check on navigator.userAgent before issuing a 302 redirect. On iOS Safari, the redirect lands directly on the App Store sheet inside Safari, which then offers to switch to the App Store app. On Android Chrome, the redirect lands on Play Store, which in turn opens the Play app. A well-designed router shows nothing for the few hundred milliseconds it is alive, just a near-empty white page that looks like a brief loading flash. Customers do not perceive it as a step. A poorly built router takes two seconds to load, shows a “Choose your platform” screen with two giant store badges, and bleeds a third of your scans on that decision alone.

Deferred deep linking and the install handoff

Imagine a customer scans a QR on a poster for a specific in-app event, taps install, waits 30 seconds for download, opens the app, and lands on the generic onboarding flow. The context they came in with is gone. Deferred deep linking is the technical fix: the install link carries a payload (campaign ID, target screen, referral code) that survives the install gap and is delivered to the app on first open. Branch, Adjust, AppsFlyer, and Firebase all implement this through a clipboard handoff, an IDFV match, or an attribution callback.

The user-visible payoff is real. A music streaming app running campus posters with deferred deep linking can land new installs on the playlist page they were promised, not the home screen. A retailer running packaging-insert QRs can land returning shoppers on the loyalty signup with their order ID prefilled. The retail packaging playbook covers the broader physical-to-digital handoff design, and it pairs well with the deep-linking pattern when packaging is the install source.

Measuring which placement actually installs

The default analytics most teams set up answer the wrong question. Total scans tells you nothing about install efficiency, and total installs tells you nothing about which poster, which event, or which packaging insert paid back. Source-specific QR codesA 2D matrix barcode that encodes data in a square grid of black and white modulesA single black or white square in the QR grid. The number of modules per side scales with the QR versionThe size of a QR code, numbered 1 (21×21 modules) through 40 (177×177). Higher versions store more data but require more printed space. Read more →, from 21×21 modules for version 1 up to 177×177 for version 40. Read more →. Read more → are the answer. Generate a different short URL for each placement, and the install attribution falls out for free.

In practice this means one QR per campaign per surface: one for the airport billboard, one for the conference table tent, one for the SKU-3092 packaging insert, one for the email footer that customers print. The URL to PNG generator handles the printable artwork, and the URL to SVG generator is the right output for vector use on outdoor signage where scaling matters. For each QR, log the scan and the resulting install separately. The ratio between them is your placement quality score, and it varies by an order of magnitude across surfaces.

Why most QR-only landing pages hurt

A custom landing page between the QR scan and the App Store is a tempting place to put more marketing copy. Most of the time it is a mistake. Each second on that page costs roughly 30% of remaining customers, and the marginal information rarely justifies the loss. The exceptions are narrow: device routing for first-time installers (covered above), a short geo-gate when the app is not available in all regions, or a one-line trust statement when the QR appears in an environment with active spoofing risk such as crypto wallet promotions.

If you must run a landing page, ship it as a static HTML file from a CDN, keep total payload under 30 KB, avoid analytics scripts that block render, and make the store button the only above-the-fold interactive element. The QR code design best practices guide covers the printed-side considerations that pair with this server-side discipline, and the are QR codes safe overview is worth a read for any team designing public-facing install campaigns where spoofing is a realistic threat.

When the QR is on the device itself

Cross-device installation flows are increasingly common. A customer reads about your app on their laptop, sees a QR on the page, scans with their phone, and lands on the store. This pattern outperforms a “Send install link to my phone” SMS button because it skips the phone-number entry step. For this to work, the QR needs to render large enough on a 13-inch screen to scan cleanly from 30-40 cm away. Generate at the URL to PNG endpoint at 512 px or larger and let the page constrain it down with CSS. The QR code size and print guidelines cover the screen-rendering version of the same problem.