Saturday, December 21, 2019

Zillow app for iOS: Truncated text on the Widgets

iOS 13.3
Zillow app for iOS (version 13.1.2)
Date: 12/22/2019

Description:

There's a minor problem with the Widgets created by the Zillow app for iOS. If the user disables location permissions, an error message appears on the Widget.

This error location error message is especially truncated. Take a look:

This is the truncated error message when a widget is added to the Springboard area of the device.

This is the truncated error message from the preview section for the app:

A little bit more text appears - but still truncated!

Steps to Reproduce:

1. Disable location access for the Zillow app for iOS
2. Look at the NEARBY HOMES widget
3. Note that the text is truncated

Result: If location services are disabled, the text on the NEARBY HOMES widget is truncated

Expected: There should never be truncated text - no truncated text on the NEARBY HOMES widget

Download and/or update to the latest version of the Zillow app. Disable location services...

Note the truncated text on the error message.


Posted by at No comments:
Labels: , , ,

Wednesday, December 11, 2019

My H-E-B app for iOS: Invisible Done button

iOS 13.3.3 on an iPhone 8
My H-E-B app for iOS (version 1.0.2)
Date: 12/12/2019

Description:

There is a minor bug with the recently released My H-E-B app for iOS.

There is an option to share the "Weekly ad" from inside of the app. This share page has an "Options>" link which brings up the standard "Options" menu, which allows the user to send the ad as either "Automatic" or "PDF" or "Archive."

On this option menu, the "Done" button doesn't appear - it is white in color, against a white background. This is bad user experience and goes against the Human Interface Guidelines which call for uniformity and ease of use with these options.

Take a look:





Steps to Reproduce:

1. Download and launch the My H-E-B app for iOS
2. Create an account
3. Select the "View weekly ad" option
4. Select the share option at the bottom of the weekly ad
5. Select the "Options>" link
6. Note that the "Done" button is invisible

Result: Invisible "Done" button on the Option sharing page for Weekly ads inside of the My H-E-B app

Expected: You should be able to see these "Done" buttons

Open the app...

Head to the "View weekly ad" option...

Choose the share option...

Choose the "Options>" link...

My colorblind ass can't tell if there's anything visible there.
Posted by at No comments:
Labels: ,

Tuesday, December 10, 2019

Neiman Marcus app for iOS: Declining Access to Camera Roll not respected

iOS 13.2.3
Neiman Marcus app for iOS (version 9.6.3)
Date: 12/10/19

Description:

The Neiman Marcus app has an interesting bug regarding access to the camera roll on the iOS device.

I've seen similar bugs to this one with all kinds of iOS apps. I've previously submitted a similar bug to be private bug bounty, only to be told it wasn't a security issue. I laugh when it was fixed anyways.

I believe that in this instance, with how the Neiman Marcus app is handling this issue, is  at the very least, a violation of the Human Interface Guidelines for IOS apps.

You can watch a brief video of this problem with the video attached to the Tweet.

This basic gist of this problem is this. When the user is presented with this prompt:


The "Don't Allow" setting is not respected. Selecting "Don't Allow" still gives access to the camera roll. I know that there are

I'll explain more about this below:



I know the video might be a bit difficult to follow, but i'll repeat... I believe that how the Neiman Marcus app handles this access to the camera roll is incorrect. Further more, even seeing that the app has clear access to the camera roll, if the user heads to settings, there is no confirmation of read access in settings.




Steps to Reproduce:

1. Download the Neiman Marcus app for iOS (version 9.6.3)
2. Launch the app
3. Select "Continue as Guest"
4. Select "Maybe Later" in regards to Push Notifications
5. Select the magnifying glass in the upper right
6. Click on the camera icon
7. From the "NM" Would Like to Access the Camera" message, select "Don't Allow"
8. From the "NM" Would Like to Access Your Photos" message, select "Don't Allow"
9. Dismiss the tutorial
10. Select the pictures icon in the bottom left hand corner of the screen
11. Note access to camera roll
12. Exit out of  app to Settings, note that app settings claim no camera roll access

Result: The Neiman Marcus app still accesses the iOS camera roll even after the user selects "Don't Allow" for this permission

Expected: If the user selects "Don't Allow" to a photo access message, the app should not have access to the camera roll of the iOS device
Select the magnifying glass...

Select the camera icon...

Select "Don't Allow"...

Select the camera roll icon...

Access to camera roll, even after declining access.



Posted by at No comments:
Labels: ,

Sunday, December 8, 2019

Settings crashes if you open one of Screen Time's Weekly Report Available notification and then press the left arrow

iOS 13.2.3 on an iPhone 8
Date: 12/08/2019

Description:

There is an easy to reproduce crash in the Settings area of the iPhone with iOS 13.2.3.

This crash occurs when the user receives and opens a "Weekly Report" notification from Screen Time. If the user opens up this notification:




And then selects the previous left facing arrow next to "Today"

The app will crash.

Here is a video of the crash as it happens:

Steps to Reproduce:

1. Wait to receive a "Weekly Report" notification from Screen Time
2. Open the "Weekly Report" notification
3. Scroll down from Scree Time screen, until the "Today, December 08" option appears
4. Select the back button

Result: The Settings app will crash if the user opens up the Screen Time settings via the Weekly Report notification and then press the left arrow

Expected: The Settings app should not crash if the user opens up the Screen Time settings option via a Weekly Report notification and then presses the left arrow
Posted by at No comments:
Labels: , ,

Thursday, December 5, 2019

Craigslist app for iOS: Easy way to disable the app!

iOS 13.2.3 for iPhone 8
craigslist app for iOS (1st release)
Date: 12/5/2019

Description:

Happy to finally see an official craigslist app for iOS! I've always enjoyed craigslist, so I have to, of course, report one minor bug with the app for posterity's sake.

There's a minor bug that occurs on listings. A user can cause the app to not display anything. This happens when the user simultaneously presses the "X" and the three dot share option from any product listing.

While this is unlikely to occur in a real life scenario, it is still always fun to document these types of bugs with iOS apps. These types of bugs are very common.

This is what I am seeing:

Please see the attached screenshots.

Steps to Reproduce:

1. Download and launch the craigslist app for iOS
2. Enter into the app
3. Head to any listing
4. From the detail page of any listing, simultaneously press the "X" and the three dot share option (takes a little practice)

Result: Easy way to disable the app by pressing the "X" and the three dot share option from any product listing inside the craigslist app

Expected: Shouldn't be able to disable the app this way

Launch the new app....

Head into the items that are for sale....

Take a look at "bicycles" as an example....

Select an item like a bicycle....

Select the "X" and the three dots simultaneously (takes some practice, but once you get the hang of it, it is easy)...

Cancel out of this menu....

App is frozen like this!



Posted by at No comments:
Labels: ,

Tuesday, December 3, 2019

Fabric: Life Insurance & Wills app for iOS: Bad error message from unrecognized email address in password reset

iOS 13 (13.2.3)
Fabric: Life Insurance & Wills app for iOS (version 1.0.2)
Date: 12/04/2019

Description:

There is an uninformative error message that is displayed by the Fabric app for iOS. If the user enters in an unrecognized email address into the password reset form, the follow error message appears:

'UserMigration failed with error An invalid argument was supplied. Please change the argument and try again.."

The invalid argument tells me that no such user is using that particular email. The error message should probably be changed to the generic error message: "check your inbox" that most apps use.

Steps to Reproduce:

1. Download and launch the Fabric: Life Insurance & Wills app (version 1.0.2) for iOS
2. Select the "Sign in" option in the upper right hand corner of the screen
3. Select the "Forgot Password" option
4. Enter in a bogus email address (an email address not in use by the app)
5. Press the "SEND RESET LINK" option
6. Note the "UserMigration failed" error message at the top of the screen

Result: Fabric's error message displayed when an unrecognized email address sends a password reset request informs the user that the particular email address they attempted is not in use by the app. The error message is not informative as well

Expected: A generic and easy to understand error message. Error message should not indicate if a particular email address is in use or not

Download and launch the Fabric app...

Select the "Sign in" option in the upper right...

Select the "Forgot password" link...

Enter in a fake email address, and click on "SEND RESET LINK"...

Bad error messaging.
Posted by at No comments:
Labels: , ,

Vogue Runway Fashion Shows app for iOS: Facebook sharing/login not working

iOS 13.2.3 on an iPhone 8
Vogue Runway Fashion Shows app for iOS (version 7.6.2)
Date: 12/04/2019

Description:

Facebook integration does not seem to work with the Vogue Runway Fashion Shows app (version 7.6.2) for iOS.

If a user tries to share a show using the Facebook Messenger sharing option, an error message appears saying that the content couldn't load.

If the user tries to login using the "Continue with Facebook" button on the "Start Bookmarking Today!" screen, a cancel error message appears as soon as the button is pressed.

I am not the first user to notice this. Here is a review in the app store:

Steps to Reproduce:

1. Download and launch the Vogue Runway Fashion Shows app for iOS
2. Select "MY SHOWS"
3. On the "Start Bookmarking Today!" screen, click on the "Continue with Facebook" button

Result: An error message appears when the user presses the "Continue with Facebook" button on the "Start Bookmarking Today!" screen

Expected: No error message should appear when the user presses the "Continue with Facebook" button on the "Start Bookmarking Today!" screen

Press the "Continue with Facebook" button...

This message appears.



OR:

1. Download and launch the Vogue Runway Fashion Shows app for iOS
2. Select any collection
3. Try to share the collection using the Facebook Messenger option built into the share UI of iOS

Result: A "couldn't load content" error message appears if the user tries to share a collection from the Vogue Runway Fashion Shows app

Expected: User should be able to share collections via Facebook Messenger from inside of the Vogue Runway Fashion Shows app

Head to any collection and select the share option...

Select the Messenger option...

This error message appears. Please fix!




Posted by at No comments:
Labels: , , , ,

Friday, November 15, 2019

Quartermaster app for iOS: Facebook login crashes the app

iOS 13.2.2
Quartermaster app for iOS (version 1.56)
Date: 11/15/2019

Description:

There is a crash with the current (version 1.56) Quartermaster app for iOS.

Launch the app and select the "Continue with Facebook" option. The app will crash.

Here's the crash dump:


Steps to Reproduce:

1. Download and launch the Quartermaster app for iOS
2. Select the "Continue with Facebook" option

Result: The Quartermaster app for iOS crashes after the "Continue with Facebook" option is selected

Expected: The Quartermaster app for iOS should not crash after the "Continue with Facebook" option is selected

Launch the app...

Select the "Continue with Facebook" option.

Posted by at No comments:
Labels: , , ,

Tuesday, November 12, 2019

Facebook app for iOS: This accessing the front camera bug everyone is talking about...

iOS 13.2.2
Facebook app (version 246.0) for iOS
Date: 11/12/2019

Description:

I've gotten it also! There is a wild bug with the current (246.0) Facebook app for iOS. Numerous bad reviews in the Apple App store are referencing this bug.

I believe this bug to be much worse than it appears - it probably explains why so many people are complaining about how the current iOS app is quickly draining battery power from iOS devices.

I've gotten this bug to reproduce two different ways. It is extremely easy to reproduce.

The easiest way:

Click on any photo in the app. Swipe up or down. If you look to the left, you can see that the camera is activated.

Looking through Twitter, you can see that has been referenced several times in recent hours and days. You can also find users contacting both Facebook and Apple Support on Twitter - with an unusual silence on the issue.

Here's a Twitter thread from a Twitter user named Joshua Maddux:



Here's another Twitter thread from a Twitter user named Daryl Lasafin:
One small blog has posted about this, but no one else seems to caught on. I would guess that this is draining the battery power of a great number of iOS users out in the wild. 

Steps to Reproduce:

1. Launch the Facebook app for iOS (version 24.6)
2. Click on photo in the app (Especially if it is a single uploaded photo)
3. Click again on the photo to expand it to full screen
4. Swipe either up or down

OR:

1. Launch the Facebook app for iOS (version 24.6)
2. Go to a profile page (Elizabeth Warrren's for example)
3. Click on her profile picture
4. From her expanded profile picture - swiftly swipe down from the middle of her face

Result: The current version of the Facebook app for iOS (version 24.6) actives the front facing camera of the iOS device if the user swipes down from a photograph

Expected: No iOS app should activate the front facing camera of the iOS device without express user consent - swiping down in an area of the UI should not activate the camera of the device

Here are some screenshots:

Head to any person's profile picture. Take Elizabeth Warren's, for example....

Swipe down, swiftly, from the middle of the profile picture...

The camera of the device is activated!!!


Posted by at No comments:
Labels: ,

Monday, November 11, 2019

HotPads - Apartment Rentals app for iOS: Can't share app via Facebook Messenger

iOS 13.2.2 on an iPhone 8
HotPads - Apartment Rentals for iOS (version 5.8.2)
Date: 11/11/2019

Description:

Minor bug with the "Share This App" feature of the HotPads - Apartment Rentals app for iOS. When the user tries to share the app (share an app store link to the app) using the Facebook Messenger option - an error message is returned.

This is the error message that the user sees:

The user should be able to share this app using Facebook Messenger. All other options (text message, email, Facebook, Tumblr, Twitter, Telegram, etc.) all seem to work. Only Facebook Messenger sharing fails.

Steps to Reproduce:

1. Launch the HotPads Apartment Rentals app for iOS (version 5.8.2)
2. Create an account
3. Head to Settings
4. Select the "Share This App" option
5. Choose Facebook Messenger sharing

Result: An error message is returned if the user tries to share the HotPads - Apartment Rentals app using Facebook Messenger

Expected: Users should be able to share the HotPads - Apartment Rentals app using Facebook Messenger

Take a look at some screenshots:

Select the "Share this app" option...

Try to share using the Messenger option.



Posted by at No comments:
Labels: , ,

Sunday, November 3, 2019

TOEFL Official App for iOS: App crashes if expand map option is pressed

iOS 13.2 on an iPhone 8
TOEFL Official App for iOS (Version 1.2.1)
Date: 11/04/2019

Description:

There is a reproducible crash with the current (1.2.1) version of the TOEFL Official App for iOS.

If the user taps on an expand map option, the app crashes 100% of the time.

Here's an image of the crash dump:



This is easier to show than to describe, so please see the attached screenshots.

Steps to Reproduce:

1. Download the TOEFL Official App for iOS (Version 1.2.1)
2. Launch app - allow location access
3. From the list of "Test Centers Near Me" click on any returned result
4. From the "Select Test Center and Date" screen click on "By Distance"
5. From the Map, click on the map expansion option in the bottom right hand corner of the screen

Result: The Official TOEFL app for iOS will crash if the user taps on a map expansion option

Expected: The Official TOEFL app for iOS should not crash if the user taps on a map expansion option

Launch the app...

Select any location near to you...

Select the "BY DISTANCE" option...

Select the map extender option (indicated by the circle) - the app will crash!


Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)