Consumer Rights in the Mobile App Ecosystem 2026

Consumer Rights in the Mobile App Ecosystem 2026. In the 21st century, where digitalization is progressing at a dizzying pace, mobile applications have settled at the center of daily life. These software programs, offering services in a wide spectrum ranging from banking transactions to entertainment, health to education, have led to the emergence of new and complex forms of relationships in the legal world. The legal relationship established between the user and the application developer or platform provider goes beyond classical obligations law principles, presenting a multi-layered structure with sui generis (unique) characteristics at the intersection of consumer law, IT law, intellectual property law, and personal data protection law. This report aims to address disputes arising from mobile application contracts, user rights, provider obligations, and judicial precedents in the light of Turkish Law legislation and internationally accepted principles, with academic depth and a practical perspective.

In the Turkish legal system, mobile application contracts are not regulated by a single law but possess a mixed structure requiring the concurrent application of different laws and regulations within the hierarchy of norms. While the basis of this structure is formed by the Turkish Code of Obligations (TBK) No. 6098, in cases where the user who is a party to the contract holds the title of “consumer”—which is the case in the vast majority of mobile applications—the Law on the Protection of the Consumer (TKHK) No. 6502 and secondary legislation prepared based on this law find application area. In particular, the Regulation on Distance Contracts, the Regulation on Subscription Contracts, and the Regulation on Unfair Terms in Consumer Contracts play a key role in the resolution of disputes in this field. Furthermore, in the digital economy where data is described as the “new oil,” the Law on the Protection of Personal Data (KVKK) No. 6698 and the Law on the Regulation of Electronic Commerce (ETK) No. 6563 are other fundamental norms drawing the boundaries of the contractual relationship.

I. Legal Nature and Formation Mechanism of Mobile Application Contracts

1.1. Mobile Application Relationships as Distance Contracts

Legal relationships established via mobile applications are defined as “Distance Contracts” in our law because they are established using remote communication tools without the parties coming face to face physically. Distance contracts are contracts established between a seller or supplier and a consumer within the framework of a system created for the remote marketing of goods or services, without simultaneous physical presence, using remote communication tools up to and including the moment the contract is established. By this definition, the relationship established when a user presses the “Download” or “Buy” button on the App Store or Google Play Store is a typical distance contract.

These contracts are generally synallagmatic (imposing debts on both parties) contracts in terms of their legal nature. While the provider undertakes the obligation to allow the digital content (application) to be downloaded to the user’s device and to ensure that the application performs its promised functions; the user undertakes the obligation to pay the determined price, if any, and to tolerate the processing of their personal data and comply with the terms of use in free applications. The concept of “price” here tends to be interpreted broadly to include the data provided by the user as indirect consideration, in the face of the reality of data commercialization in today’s digital economy.

1.2. Digital Appearance of Declaration of Will: Click-Wrap and Browse-Wrap Contracts

The concurrence of declarations of will during the formation of mobile application contracts occurs through digital interfaces. In legal doctrine and practice, these contracts are generally established via “Click-Wrap” or “Browse-Wrap” methods.

• Click-Wrap Contracts: These are contracts established by the user checking a box declaring that they have read and accepted the contract text or by clicking an “I Accept” button. In terms of Turkish law, this is the safest method for the validity and proof of the declaration of will. The Court of Cassation and lower courts accept that the contract is established in cases where the user declares acceptance with an active action (clicking).
• Browse-Wrap Contracts: These are models where the user is deemed to have accepted the terms simply by continuing to use the website or application without pressing any confirmation button. The validity of this method is controversial in terms of Turkish law. Considering the “clear and understandable information” and “approval” conditions of the Law on the Protection of the Consumer, the binding nature of such methods that do not include the active will of the user is weak.

The moment of formation of the contract is the moment the user fills out the registration form, confirms the purchase transaction, or downloads the application. The contract between the parties remains in effect indefinitely unless otherwise specified or terminated.

1.3. Critical Importance of Preliminary Information Obligation

Law No. 6502 and the Regulation on Distance Contracts have regulated the information of the consumer before the contract is established as a mandatory provision. This aims to prevent the consumer from incurring debt without being fully enlightened about what they are buying, how much they will pay, and what their rights are.

In mobile applications, the preliminary information obligation must include the following elements:

1. Identity of Seller/Provider: MERSIS number, full address, phone number, and email information. Merely stating an app name or brand is not sufficient; the title of the legal entity must be written clearly.
2. Basic Characteristics of the Service: Functions of the application, technical requirements (OS version, hardware needs, etc.), and restrictions of digital content, if any.
3. Total Price: Total price including taxes, fee per subscription period if any, and auto-renewal conditions.
4. Right of Withdrawal: Whether the consumer has the right of withdrawal, if so, the duration and method of use; if not (if within the scope of exception), this situation must be clearly stated.
5. Dispute Resolution: Authorities where consumers can submit their complaints and communication channels.

According to the Regulation, the heaviest sanction for failure to provide preliminary information is that the right of withdrawal period is not limited to 14 days but extends up to 1 year. This poses a serious financial risk for app developers. Furthermore, it is essential that the preliminary information form is transmitted to the consumer via a permanent data carrier (email, in-app message box, etc.) and the burden of proof lies with the seller.

II. Control of Unfair Terms and Imbalances Against the Consumer

2.1. General Transaction Conditions and Concept of Unfair Terms

Mobile application contracts are of the nature of “General Transaction Conditions” (GTC) in terms of legal technique. These are contract texts prepared unilaterally in advance by one party (developer) and presented to the other party (user) without offering the opportunity to negotiate. In consumer law, provisions in such contracts that create an imbalance against the consumer are called “Unfair Terms” and are null and void (invalid).

For a contract clause to be considered an unfair term;

• It must not have been negotiated with the consumer (this element exists as a presumption in standard form contracts),
• It must create an imbalance in the rights and obligations of the parties contrary to the rule of good faith,
• This imbalance must be against the consumer.

2.2. Frequently Encountered Unfair Terms in Mobile Application Contracts

In practice, some standard clauses added to contracts by global technology companies or local developers constitute unfair terms in the face of Turkish law and Court of Cassation precedents.

Unfair Term Category	Example Contract Clause	Assessment and Sanction in Turkish Law
Disclaimer of Liability	“Our company is in no way responsible for data loss, device malfunction, or loss of profit arising from the use of the application.”	Null and Void. The provider cannot remove liability arising from gross negligence or intent. Terms removing liability in case of bodily or material damage to the consumer are unfair terms.
Unilateral Change	“The service provider reserves the right to change these contract terms and fees at any time without prior notice.”	Unfair Term. Unilateral modification of essential elements of the contract (price, scope of service) disrupts the contractual balance. A notification and approval mechanism is mandatory for changes.
Jurisdiction Agreement	“California/Ireland courts are authorized for disputes arising from this contract.”	Invalid. In consumer lawsuits, the authorized court is the court of the consumer’s place of residence. Terms authorizing a foreign court are considered unfair terms by the Court of Cassation as they restrict the consumer’s freedom to seek rights.
Evidence Contract	“In case of dispute, only the company’s books and records will be considered conclusive evidence.”	Unfair Term. Clauses preventing the consumer from proving their claim with other evidence (screenshot, bank receipt, etc.) are invalid.
Arbitrary Termination	“The company may close the user’s account without showing any reason.”	Creates Imbalance. Cutting off access to a service for which the consumer has paid without a just cause is contrary to the contract.

2.3. Court of Cassation’s Approach to Jurisdiction Clauses and MÖHUK Relation

“Authorized court” clauses frequently seen especially in foreign-origin game and application contracts conflict with Article 47 of the Law on International Private Law and Civil Procedure (MÖHUK) No. 5718. Acting on the principle of consumer protection, the Court of Cassation considers such a clause invalid if authorizing a foreign court would make it impossible or excessively difficult for the consumer to file a lawsuit. According to precedents, for a jurisdiction agreement to be valid, the authorized court must be specific and this situation must not create a severe imbalance against the consumer. A Turkish consumer has the right to file a lawsuit in the Consumer Court of their own residence even against an international platform.

III. Right of Withdrawal in Digital Content: Theory and Practice

3.1. Basic Principle of Right of Withdrawal

In distance contracts, the consumer has the right to withdraw from the contract within 14 days from the date of receipt of the goods or signing of the service contract, without showing any reason and without paying any penal clause. This right protects the consumer’s freedom to change their mind later about a product/service they have not seen, touched, or tried. With the exercise of the right of withdrawal, it is mandatory to refund all payments made by the consumer (including delivery costs, if any) within 14 days.

3.2. Exceptions to Right of Withdrawal in Digital Content and Services

In the world of mobile applications, the right of withdrawal is subject to significant legal restrictions due to the “intangible” nature of the product. Article 15 of the Regulation on Distance Contracts regulates the exceptions where the right of withdrawal cannot be exercised. These exceptions have been introduced to protect the functioning of the digital economy, as the return of a digital product that has been consumed or copied once may be technically difficult or impossible.

The two most critical exceptions are:

1. Services Performed Instantly in Electronic Environment: For example, when a cloud storage service is purchased or a premium membership is activated, the service starts instantly.
2. Intangible Goods Delivered Instantly to the Consumer: “Diamonds”, “gold” purchased in mobile games, downloaded music files, e-books, or video content fall into this scope.

However, there is a vital prerequisite for these exceptions to apply: Consumer’s Approval and Information. According to the regulation, the seller/provider must obtain explicit approval from the consumer that they “will lose their right of withdrawal” before the performance of the service begins. If the consumer does not check a box stating “I know I will lose my right of withdrawal if I download immediately” at the time of purchase or is not informed about this, they can continue to exercise their right of withdrawal.

3.3. Return Policies of App Markets and Conflict with Turkish Law

Platforms like Apple App Store and Google Play Store apply global return policies.

• Google Play: Generally evaluates refund requests made within 48 hours of purchase with automated systems. Cases exceeding 48 hours are directed to the developer.
• App Store (Apple): Although there is no specific time restriction stated as strict as 48 hours publicly, it takes refund requests via the “report a problem” interface and evaluates each request according to its own internal criteria.

A hierarchy problem arises here. Even if the platform policy says “non-refundable,” if the transaction falls under “defective service” or “lack of information” in Turkish legislation, Turkish law prevails. For example, if a mobile game constantly crashes, does not offer the promised graphics, or contains a security vulnerability, this is “Defective Performance”. In case of defective performance, the 2-year statute of limitations applies, not the 14-day withdrawal period, and the consumer always has the right to a refund. Consumer Arbitration Committees accept refund requests rejected by platforms on the grounds of defective service and rule for the refund of the fee.

IV. Subscription Economy and Contract Termination Rights

4.1. Indefinite Term and Committed Subscriptions

Mobile applications are increasingly shifting from the “One-Time Sale” model to the “Subscription” (SaaS – Software as a Service) model. This model puts consumers into a long-term debt relationship. Law No. 6502 and the Regulation on Subscription Contracts have granted strong termination rights to prevent the consumer from falling into the “subscription trap”.

Pursuant to Article 52 of the Law and relevant regulation provisions; consumers have the right to terminate indefinite term subscription contracts or fixed term subscription contracts longer than one year at any time, without showing any reason and without paying any penal clause. This is a mandatory provision especially for annual prepaid app memberships or those containing commitments longer than 12 months. App developers’ impositions such as “Cannot be cancelled in the annual plan” are unlawful.

4.2. Auto-Renewal and Notification Obligation

One of the biggest problems in mobile app subscriptions is the silent renewal of the subscription at the end of the free trial or the term. In terms of consumer law, for the auto-renewal clause to be valid, the consumer must have been explicitly informed about this and a reminder must be sent to them before the renewal period.

The Regulation on Subscription Contracts obliges the seller to inform the consumer before the subscription period expires. Fees collected from renewals made without the consumer’s approval are of the nature of “unfair collection” and must be refunded. Consumer Arbitration Committees can decide on the refund of fees collected despite the consumer revealing their will to cancel (for example, by deleting the application, although legally deleting the app is not deemed termination, there are cases where it is interpreted as a declaration of will). However, the safest way is to perform the official cancellation process from the app market subscriptions menu.

4.3. Calculation of Withdrawal Fee in Committed Subscriptions

In committed subscriptions shorter than 1 year (e.g., “50 TL discount per month for a 12-month stay promise”), if the consumer exits before the term, they may face a “withdrawal fee”. However, this fee cannot be determined arbitrarily. The Regulation has introduced a “Ceiling Limit” for the protection of the consumer.

The withdrawal fee cannot exceed whichever of the following two amounts is in favor of the consumer (lower):

1. The total of discounts provided to the consumer until the date the subscription is terminated.
2. The total remaining amount to be paid until the end of the contract.

For example, from a user who exits in the 11th month of a 12-month contract, the discount of the past 11 months cannot be requested; because the cost of the remaining 1 month is lower. The consumer can exit by paying only for the remaining 1 month.

V. Vulnerable Groups: Transactions of Minors and the “Unauthorized Transaction” Problem

5.1. Legal Capacity of Minors and Invalidity of Contracts

High amounts of spending (In-App Purchases) made by children in mobile games without their parents’ knowledge is a global problem as well as a significant subject of dispute in Turkish law. According to the Turkish Civil Code, minors capable of judgment (limited capable) can only perform transactions that put them under debt with the consent of their legal representatives (parent/guardian). Transactions without the consent (ratification) of the parent are “pending invalid” and the contract is invalid unless the parent gives approval.

Based on this legal foundation, a game expenditure of 10,000 TL made by a child with their parent’s credit card is an invalid transaction if not approved by the parent, and the money must be refunded.

5.2. Problem of Proof and the Reality of 3D Secure

Although the legal theory is as such, in practice the burden of proof is on the consumer. Banks and platforms assume that the cardholder performed the transaction if it was done with a password (password/biometric) or 3D Secure SMS code. To obtain a refund before Consumer Arbitration Committees and Courts, the following points are decisive:

• Transaction Pattern: Spending made consecutively, within seconds, and at an irrational frequency (e.g., buying the same diamond pack 20 times in 5 minutes) may constitute a presumption that the person performing the transaction is a child or an unauthorized person.
• Security Settings: It is checked whether the parent kept the “Require authentication for purchases” setting on the platform open. If the parent has not taken necessary precautions, the refund may be rejected or the amount may be reduced due to “contributory negligence”.
• Court of Cassation Approach: The Court of Cassation emphasizes that while the bank or credit card holder is obliged to ensure the security of the card, information systems also have the obligation to detect and stop “unusual movements” (fraud monitoring). Failure of the bank/platform to issue a suspicious transaction warning in excessive spending made by a child can be evaluated as a service defect.

VI. Use of Personal Data as Commercial Value and KVKK

6.1. Performance of Contract vs. Explicit Consent

Mobile applications are data-intensive systems. Within the scope of Law No. 6698 (KVKK), for the processing of personal data, either one of the processing conditions listed in the law (performance of contract, legal obligation, etc.) must exist, or the person’s “Explicit Consent” must be obtained.

The most common mistake made by app developers is requesting data unrelated to the operation of the application (e.g., a flashlight app asking for access to contacts or gallery) and presenting this as a “contract condition”. The KVKK Board has adopted the principle of “Prohibition of Linking Service to Explicit Consent Condition”. That is, the provision of a service cannot be conditional on consent to the processing of data that is not mandatory for the performance of that service. The user should be able to use the application even if they reject unnecessary permissions.

6.2. Obligation to Inform and Privacy Policies

The “Privacy Policy” presented by mobile applications on market pages or first launch screens must meet the “Obligation to Inform” in Article 10 of KVKK. In this text;

• Identity of the data controller,
• Which data is processed for what purpose,
• To whom the data is transferred (domestic/foreign),
• The legal reason for data collection must be clearly written.

Especially in foreign-origin applications (whose servers are outside Turkey), since the transfer of data abroad is in question, this transfer cannot be made without the user’s “Explicit Consent” (Although there are alternatives such as adequacy decision or undertaking with new regulations, consent is still a fundamental mechanism).

VII. Administrative Obligations: ETBIS, IYS, and Tax

7.1. ETBIS Registration Requirement

Pursuant to the Law on the Regulation of Electronic Commerce and relevant communiqués, service providers selling goods or services over the internet (including in-app sales) are required to register with the Electronic Commerce Information System (ETBIS). This registration is for the state to monitor e-commerce volume and prevent informality. If the mobile app developer is a company or does not benefit from tradesman exemption, they must register with ETBIS and publish the QR code on their site/app.

7.2. Commercial Communication and Message Management System (IYS)

“Push Notifications”, SMS, and E-mails sent by mobile applications to users have the status of “Commercial Electronic Message”. It is a legal obligation to obtain prior permission from the user to send these messages and to record these permissions in the Message Management System (IYS).

• Approval Mechanism: Commercial message approval must be obtained with a separate box (Opt-in) from the contract acceptance. Pre-checked boxes are invalid.
• Right of Refusal: The user can refuse to receive commercial messages at any time, without showing any reason. When the refusal notification is made via IYS or from within the application, the provider must stop sending within 3 business days.
• Administrative Fines: High administrative fines are applied by the Ministry of Trade to app owners who do not register with IYS or send unauthorized notifications.

7.3. Income via Google Play and App Store and Tax

Income obtained from in-app sales is considered commercial gain and is subject to tax. Google and Apple pay the developer the remaining amount after deducting the platform service fee (commission). However, according to tax legislation in Turkey, it is the developer’s responsibility to accrue VAT on sales made to the end user and declare the income. With the “Exemption for Social Media Content Creators and Mobile App Developers” introduced in recent years, earnings up to a certain amount are taxed by withholding 15% from the money deposited in a special account opened at a bank, and the obligation to submit a declaration is removed. This is a great convenience for developers.

VIII. Resolution of Disputes and Application Routes

The legal roadmap to be followed in disputes arising between the consumer and the application provider (refund rejection, unfair deduction, account closure, etc.) is gradual.

8.1. Consumer Arbitration Committees

The fastest and cost-free solution path in consumer disputes is Consumer Arbitration Committees. Application to Arbitration Committees is mandatory for disputes below the monetary limit determined by the Ministry of Treasury and Finance every year. As of 2024, this limit is 104,000 TL (increases annually by the revaluation rate). Applications can be made via e-Government (TÜBİS) together with proving documents (invoice, screenshot, contract). Arbitration Committee decisions have the force of a court verdict and can be enforced through Enforcement Offices.

8.2. Consumer Courts

For disputes above the monetary limit or in case of objection to the Arbitration Committee decision, the competent authority is Consumer Courts. Before filing a lawsuit, it is mandatory to apply to the “Mediation as a Condition of Litigation” institution pursuant to Article 73/A of Law No. 6502. If an agreement cannot be reached in mediation, a lawsuit can be filed.

8.3. Administrative Complaint Channels

• Ministry of Trade Board of Advertisement: If there are misleading statements in the promotion of the application (e.g., saying “Completely Free” but asking for money), a complaint can be made to the Board of Advertisement to ensure an administrative fine and suspension of advertisement penalty are issued.
• KVKK Complaint: In case of unlawful processing of personal data, the right to complain to the Personal Data Protection Board is reserved.

Table 1: Critical Legal Periods and Thresholds in Mobile App Contracts

The table below summarizes the basic statutes of limitations and forfeiture periods that consumers and developers should pay attention to.

Transaction / Right	Legal Period	Legal Basis	Explanation
Right of Withdrawal	14 Days	TKHK Art. 48	Starts from delivery of goods or formation of contract.
Withdrawal in Lack of Info	14 Days + 1 Year	MSY Art. 10	Period extends if preliminary information is not provided.
Defective Service Limitation	2 Years	TKHK Art. 12	Starts from the performance of the service.
Commercial Message Refusal	3 Business Days	IYS Regulation	Sending must stop after refusal notification.
Objection to Arbitration Decision	15 Days	TKHK Art. 70	Made to Consumer Court starting from notification of decision.
Response to KVKK Application	30 Days	KVKK Art. 13	Data controller must respond to application within 30 days at most.

Table 2: Comparison of Digital Platform Policies with Turkish Law

This table shows the fundamental differences between global store rules and national legislation.

Subject	Google Play / App Store Policy	Turkish Consumer Law (TKHK)	Legal Supremacy
Refund Period	Generally 48 hours (Google), Case-based (Apple)	14 Days (Right of Withdrawal)	Turkish Law (Except exceptions)
Defective Goods/Service	Tendency to direct to developer	Right to refund during statute of limitations (2 Years)	Turkish Law
Authorized Court	Foreign Courts (California, Ireland, etc.)	Court of Consumer’s Residence	Turkish Law (Public order)
Liability	Platform is only intermediary (Intermediary Service Provider)	Platform and Developer may be jointly liable	Depends on the situation

Mobile application contracts constitute one of the most dynamic and conflicted areas of modern consumer law. On one hand, there are rules standardized and imposed by global technology giants; on the other hand, there are mandatory rules of law which are a reflection of national sovereignty. Our review shows that the Turkish legal system possesses necessary instruments (TKHK, TBK, KVKK) to protect consumers against the power imbalance in the digital world.

In particular, decisions of the Court of Cassation invalidating jurisdiction clauses, interpretations of Consumer Arbitration Committees in favor of the consumer in subscription cancellations, and the KVKK Board’s stance prohibiting “consent conditional on service” show that user rights do not remain on paper. However, the effective use of these rights depends on the consumer acting consciously; reading preliminary information forms, applying within the legal period in case of defective service, and managing data permissions carefully. For application developers, preparing contracts not with a “copy-paste” logic but tailor-made in accordance with the requirements of Turkish legislation (ETBIS, IYS, Right of Withdrawal) is essential both to be protected from administrative fines and to ensure brand reputation.

---

Our Latest Articles