Yes, great point. Privacy / dark pattern concerns aside, I used to like having a paper pass in case something happened to my device. I wonder what would happen in practice if you printed a screenshot of the app? After all, a screenshot on a phone works fine.

They currently don't check that at the gate. They just look if it's on a phone or not.

My qualm is that corporate apps like this are malware and I don't want them on my device. Especially when they know the only way to get me to install it is to force it on me. That makes me especially not want it. So even installing the app in the first place just to get the code doesn't sit right.

So this has nothing to do with where the code is, but that getting access to it at all requires the malware.