diff --git a/build.gradle b/build.gradle
index 0aa95fd..f530fd3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -107,6 +107,9 @@ dependencies {
 
 	// health-check
 	implementation 'org.springframework.boot:spring-boot-starter-actuator'
+
+	//redirect
+	implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
 }
 
 tasks.named('test') {
diff --git a/src/main/java/com/assu/server/domain/qr/controller/RedirectController.java b/src/main/java/com/assu/server/domain/qr/controller/RedirectController.java
new file mode 100644
index 0000000..f6e0710
--- /dev/null
+++ b/src/main/java/com/assu/server/domain/qr/controller/RedirectController.java
@@ -0,0 +1,35 @@
+package com.assu.server.domain.qr.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@Controller
+public class RedirectController {
+	@GetMapping("/verify")
+	public String handleQrRedirect(
+		@RequestParam(value = "storeId", required = false) Long storeId,
+		@RequestParam(value = "sessionId", required = false) Long sessionId,
+		@RequestParam(value = "adminId", required = false) Long adminId,
+		Model model) {
+
+		String playStoreUrl = "https://play.google.com/store/apps/details?id=com.ssu.assu";
+
+		String appScheme = "assu-app://verify";
+		String finalAppUrl = "";
+
+		if (storeId != null) {
+			finalAppUrl = appScheme + "?storeId=" + storeId;
+		} else if (sessionId != null && adminId != null) {
+			finalAppUrl = appScheme + "?sessionId=" + sessionId + "&adminId=" + adminId;
+		} else {
+			finalAppUrl = appScheme;
+		}
+
+		model.addAttribute("appLink", finalAppUrl);
+		model.addAttribute("playStoreUrl", playStoreUrl);
+
+		return "qr_bridge";
+	}
+}
diff --git a/src/main/java/com/assu/server/global/config/SecurityConfig.java b/src/main/java/com/assu/server/global/config/SecurityConfig.java
index 70e0228..e7e809a 100644
--- a/src/main/java/com/assu/server/global/config/SecurityConfig.java
+++ b/src/main/java/com/assu/server/global/config/SecurityConfig.java
@@ -20,6 +20,7 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthFilter jwtAuthF
                 .cors(cors -> {}) // 기본 CORS 구성 사용(필요하면 CorsConfigurationSource 빈 추가)
                 .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/verify").permitAll()
                         .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
 
                         // ✅ WebSocket 핸드셰이크 허용 (네이티브 + SockJS 모두 포함)
diff --git a/src/main/resources/templates/qr_bridge.html b/src/main/resources/templates/qr_bridge.html
new file mode 100644
index 0000000..1e5c339
--- /dev/null
+++ b/src/main/resources/templates/qr_bridge.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>ASSU 연결 중</title>
+    <style>
+        body { font-family: -apple-system, sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; margin: 0; background-color: #f8f9fa; }
+        .container { text-align: center; padding: 20px; }
+        .spinner { border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%; width: 40px; height: 40px; animation: spin 1s linear infinite; margin: 0 auto 20px; }
+        @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
+        a { color: #3498db; text-decoration: none; font-weight: bold; }
+    </style>
+</head>
+<body>
+<div class="container">
+    <div class="spinner"></div>
+    <p>앱으로 연결 중입니다...</p>
+    <p style="font-size: 0.9em; color: #666;">연결이 되지 않으면 <a th:href="${playStoreUrl}">여기</a>를 클릭하여 설치해 주세요.</p>
+</div>
+
+<script th:inline="javascript">
+    /*<![CDATA[*/
+    const appLink = [[${appLink}]];
+    const storeUrl = [[${playStoreUrl}]];
+
+    // 1. 앱 실행 시도
+    window.location.href = appLink;
+
+    // 2. 앱이 없어서 브라우저가 계속 포그라운드에 있으면 2초 뒤 스토어로 이동
+    setTimeout(function() {
+        if (!document.hidden) {
+            window.location.href = storeUrl;
+        }
+    }, 2000);
+    /*]]>*/
+</script>
+</body>
+</html>
\ No newline at end of file