I've been seeing a lot of misinformation so:
| Word | Meaning |
|---|---|
| App | A Bot account on Discord, always has the "APP" flair |
| Server App | A Bot account with support to be added to Servers, so all the Server's members can use it |
| User App | A Bot account with support to be added to User accounts, so that User can use its commands in across Servers & DMs/GroupDMs |
-
It's an Bot account on Discord. Anyone can create an app. There is nothing special about specific apps on Discord.
-
Discord has not partnered with or made any AI apps, such as DomoAI (the common one used in the misinformation spread).
- The only thing that certain apps may be is featured in the App Directory, and sometimes hand-picked to have early access to new API features set for a later public release
-
You MUST add the app to your account or to a server to use it. It is NOT "in every server but sneakily don't show up in the member list". If you see the app used somewhere it is because someone added it to their account or to the server.
- Trying to use an app's commands that you don't actually have added to your account or server WILL prompt you to add the app before you can use it.
-
Apps can see images if you run its command on the message or mention the bot in your message*. Apps CANNOT scan every message unless someone is manually running a command on every message. See Message Content Intent for details.
- This is assuming the App is not added to the Server AND does not have the Message Content Intent. See the "What you can (or cannot) do" section below for more details.
- You can see if the App has the Message Content Intent (needed to see message content/attachments) in the App's profile.
- * The bot can only see messages its been mentioned in if it has been added to the Server.
-
Regarding DomoAI, they claim they don't train on artwork or images the app is used on. Whether you believe that or not is up to you, but Discord took down Shapes Inc. for training on user messages. I wouldn't recommend giving important images to random apps you don't trust anyway.
-
Apps do NOT have the ability to re-add themselves to a Server or to your Account after being removed/de-authorized. You have to explicitly and manually re-add them yourself if you later want said App back.
-
Banning the App does NOT disable anything. People can still use it if it's added to their accounts and Server admins can still re-add the bot to the server.
-
Disabling "Use Application Commands" and/or "Use External Apps" permissions does NOT prevent people from using it; it instead makes responses ephemeral (only visible to the person using the app).
- Furthermore, disabling "Use External Apps" permission does NOT prevent usage of Bots/Apps already added to the Server (they are NOT external Apps if added to the Server after all). Disabling the Permission only affects User Apps added to accounts.
- Please note: Disabling "Use Application Commands" permission will also affect usage of Bots/Apps added to the Server. (Namely, Slash & Context Commands from said Bots/Apps)
-
You CAN Right Click/Long Tap a message > View Interaction Info to find out who called the command and then ban/warn/etc.
-
If you (or your Server Admins) have added an App to your Server, don't give it permissions it doesn't need. Some examples are:
- "Admin" Permission - Never grant this one to Server Apps. No App needs it, and any that does is either badly/lazyly coded or malicious
- "View Channels" & "Read Message History" - These permissions (when granted TOGETHER) do allow a Server App to read messages sent before the App was added to the Server. BUT to repeat it, Apps cannot actually see the content & attachments of messages unless:
- their Context Commands were used on that message, either as a Server App or as a User App,
- or they were added to the Server AND they have the Message Content Intent,
- or they were added to the Server AND have been mentioned in that message.
- AND the developer(s) of the App has coded in functions into the App to read said messages
-
The "Edit Image with Apps" button (which was present in the original wave of the misinformation being spread) was removed by Discord in the second half of 2025.
- You can read about that button in the previous version of this Gist, found here.
- It has always been possible to ban someone from a Server via their User ID, even if they aren't in the Server at the time of the ban.
- Just because a Ban was successful doesn't outright mean that user was in the Server at the time. It just means you successfully added them to your Server's ban list, regardless of their existing presence in your Server or not.
- Plus, Discord does not check if the user you are banning is already banned from the Server or not. So, bans may still act as successful even if already banned.
- In other words: Just because a ban of the same already banned user was 'successful', doesn't mean they snuck back into the Server. It just means Discord needs to add a check to add a message stating the user is already banned!
- Message Content Intent Article
- Using Apps on Discord Article (includes User Apps and "Edit Image with Apps" button, also see the "What data can an app access" in the FAQ at the bottom of that article)
- Discord's Privacy Policy
- Discord's Developer Policy (See "Protect Discord Users" section onwards)
- "What Are Apps" article
- "How to use Apps" article (Specifically the big notice within the "Editing Images In Chat" section)
- Moderating Apps on Discord Article
- Overview of Apps API Documentation
- GET Messages API Documentation (also GET Message, singular, underneath it)
- Message Content Intent API Documentation
- DomoAI's own response to this misinformation:
- Message link to their response in their Discord Server
- Image link for the above linked response
For the curious: "Apps" is what Discord has been calling "bots" (those with the APP flair), to seperate them from malicious automated user accounts (which don't have the APP flair).
Original text from r/Undertale's Discord Server, with modifications & corrections by TwilightZebby here
Thanks given to the Discord Admins community for proof-reading and validating this to keep this Gist accurate.
As already stated in the original post:
Which is how it's always worked. Even before User Apps were made a thing, Server Apps were never bannable, only removable from Servers. (Which does severely block what access it has to the Server when it's not added as a Server App, as per the API Documentation).
and again, Bots can only read messages sent if:
This is all publicly documented by Discord and is reflective of how Discord's API actually behaves. (The API DOES block attempts to get messages when you or your bot doesn't have permissions or access to said messages - either with a "403 Forbidden" response, or by leaving message fields such as Content & Attachments empty when sent so the Bot cannot see them)