Review / Comparison matrix of all UPI AppsReview / Comparison matrix of all UPI Apps

Originally posted on Srikanth @logic ‘s old blog on September 6, 2016. Reposted for historic purpose.

UPI apps for android from many banks were launched last week. While some didn’t see the rational behind each of these banks (or Payment System Players (PSPs) as they are better called in UPI system), releasing their individual apps as all of them can connect with any participating bank and a user only needs one app, others claimed that this will lead to increased competition and banks would be focused on gaining customers through better apps.

I tried out many of these apps (listed below) and built the feature comparison matrix (as on Sep 5th only). As we could see apps have small differentiation in feature sets and I am not even going to UX / support aspects of the app.

CashlessConsumer - UPI Applist, Issuer PSP list, VPAs, Stats

Highlights / Notes

• Canara Bank app is the only UPI app available on an Indic interface. (Hindi only) As UPI aims to achieve taller targets of financial inclusion, this feature is must have to gain more users beyond the initial few million Indian urban internet users. It also allows users to “reserve” VPAs and link to actual accounts later which no other app does.
• AxisPay has a verification flow, where you can verify the name of person in bank / VPA records upon entering VPA to confirm before paying.
• PhonePe has split payments feature using UPI which is not present in any other app currently.
• FSS Payments built app deployed by United Bank, Union Bank of India and Vijaya Bank has the option to create one-time / time bound / amount capped VPAs.
• TJSB bank has posted a complete User Manual on their site which is the most detailed available app documentation available for users.
• UPI apps of Bharatiya Mahila Bank, Punjab National Bank, Oriental Bank of Commerce were unavailable on play store, even though the UPI press releases had their names.
• Almost all the apps requests users to access GPS and location. Although currently apps don’t use this for anything, there could be some interesting use cases(Approve all UPI payments to DTH operator when am at my home, without need for requiring MPIN). Given the lack of privacy laws, there are some concerns here, but with Android 5 +, deny access to whenever the app prompts to deny banks unnecessary access to personal data and as far as I have tried, doing so never failed a transaction.
• The apps even though use data majorly doesn’t support use of them internationally and there are some users on play stores being told that access to app outside India is currently not supported.
• UPI deep linking specification mentions about refUrl parameter which can carry a URL metadata from which / for which the payment was made. This will help identify source of payment for blogs / web content. The apps dont show / have this parameter on the app UI while someone makes a payment nor they show in any reporting in transactions when someone reviews all incoming payments. I hope this will come soon.
• One scary thing I found out during the exercise was there is no specific app-update policy neither from banks themselves / nor NPCI. Launching 18 apps is only one step, maintaining them is entirely different. I was shocked to find Oriental Bank of commerce app was last updated in Oct 2013. While there have been serious security vulnerabilities (including Heartbleed) and many other Android vulnerabilities that got fixed, the app has not got any update. I wish NPCI also mandates PSPs to release an app update at least once in 3 months to cover for security fixes / bugs and cannot leave banking apps unmaintained.

The ones that remained in my phone uninstalled were PhonePe, Canara Bank, AxisPay. Comment down what stayed / will stay on your phone below.