Saturday, December 21, 2019

Zillow app for iOS: Truncated text on the Widgets

iOS 13.3
Zillow app for iOS (version 13.1.2)
Date: 12/22/2019

Description:

There's a minor problem with the Widgets created by the Zillow app for iOS. If the user disables location permissions, an error message appears on the Widget.

This error location error message is especially truncated. Take a look:

This is the truncated error message when a widget is added to the Springboard area of the device.

This is the truncated error message from the preview section for the app:

A little bit more text appears - but still truncated!

Steps to Reproduce:

1. Disable location access for the Zillow app for iOS
2. Look at the NEARBY HOMES widget
3. Note that the text is truncated

Result: If location services are disabled, the text on the NEARBY HOMES widget is truncated

Expected: There should never be truncated text - no truncated text on the NEARBY HOMES widget

Download and/or update to the latest version of the Zillow app. Disable location services...

Note the truncated text on the error message.


Posted by at No comments:
Labels: , , ,

Wednesday, December 11, 2019

My H-E-B app for iOS: Invisible Done button

iOS 13.3.3 on an iPhone 8
My H-E-B app for iOS (version 1.0.2)
Date: 12/12/2019

Description:

There is a minor bug with the recently released My H-E-B app for iOS.

There is an option to share the "Weekly ad" from inside of the app. This share page has an "Options>" link which brings up the standard "Options" menu, which allows the user to send the ad as either "Automatic" or "PDF" or "Archive."

On this option menu, the "Done" button doesn't appear - it is white in color, against a white background. This is bad user experience and goes against the Human Interface Guidelines which call for uniformity and ease of use with these options.

Take a look:





Steps to Reproduce:

1. Download and launch the My H-E-B app for iOS
2. Create an account
3. Select the "View weekly ad" option
4. Select the share option at the bottom of the weekly ad
5. Select the "Options>" link
6. Note that the "Done" button is invisible

Result: Invisible "Done" button on the Option sharing page for Weekly ads inside of the My H-E-B app

Expected: You should be able to see these "Done" buttons

Open the app...

Head to the "View weekly ad" option...

Choose the share option...

Choose the "Options>" link...

My colorblind ass can't tell if there's anything visible there.
Posted by at No comments:
Labels: ,

Tuesday, December 10, 2019

Neiman Marcus app for iOS: Declining Access to Camera Roll not respected

iOS 13.2.3
Neiman Marcus app for iOS (version 9.6.3)
Date: 12/10/19

Description:

The Neiman Marcus app has an interesting bug regarding access to the camera roll on the iOS device.

I've seen similar bugs to this one with all kinds of iOS apps. I've previously submitted a similar bug to be private bug bounty, only to be told it wasn't a security issue. I laugh when it was fixed anyways.

I believe that in this instance, with how the Neiman Marcus app is handling this issue, is  at the very least, a violation of the Human Interface Guidelines for IOS apps.

You can watch a brief video of this problem with the video attached to the Tweet.

This basic gist of this problem is this. When the user is presented with this prompt:


The "Don't Allow" setting is not respected. Selecting "Don't Allow" still gives access to the camera roll. I know that there are

I'll explain more about this below:



I know the video might be a bit difficult to follow, but i'll repeat... I believe that how the Neiman Marcus app handles this access to the camera roll is incorrect. Further more, even seeing that the app has clear access to the camera roll, if the user heads to settings, there is no confirmation of read access in settings.




Steps to Reproduce:

1. Download the Neiman Marcus app for iOS (version 9.6.3)
2. Launch the app
3. Select "Continue as Guest"
4. Select "Maybe Later" in regards to Push Notifications
5. Select the magnifying glass in the upper right
6. Click on the camera icon
7. From the "NM" Would Like to Access the Camera" message, select "Don't Allow"
8. From the "NM" Would Like to Access Your Photos" message, select "Don't Allow"
9. Dismiss the tutorial
10. Select the pictures icon in the bottom left hand corner of the screen
11. Note access to camera roll
12. Exit out of  app to Settings, note that app settings claim no camera roll access

Result: The Neiman Marcus app still accesses the iOS camera roll even after the user selects "Don't Allow" for this permission

Expected: If the user selects "Don't Allow" to a photo access message, the app should not have access to the camera roll of the iOS device
Select the magnifying glass...

Select the camera icon...

Select "Don't Allow"...

Select the camera roll icon...

Access to camera roll, even after declining access.



Posted by at No comments:
Labels: ,

Sunday, December 8, 2019

Settings crashes if you open one of Screen Time's Weekly Report Available notification and then press the left arrow

iOS 13.2.3 on an iPhone 8
Date: 12/08/2019

Description:

There is an easy to reproduce crash in the Settings area of the iPhone with iOS 13.2.3.

This crash occurs when the user receives and opens a "Weekly Report" notification from Screen Time. If the user opens up this notification:




And then selects the previous left facing arrow next to "Today"

The app will crash.

Here is a video of the crash as it happens:

Steps to Reproduce:

1. Wait to receive a "Weekly Report" notification from Screen Time
2. Open the "Weekly Report" notification
3. Scroll down from Scree Time screen, until the "Today, December 08" option appears
4. Select the back button

Result: The Settings app will crash if the user opens up the Screen Time settings via the Weekly Report notification and then press the left arrow

Expected: The Settings app should not crash if the user opens up the Screen Time settings option via a Weekly Report notification and then presses the left arrow
Posted by at No comments:
Labels: , ,

Thursday, December 5, 2019

Craigslist app for iOS: Easy way to disable the app!

iOS 13.2.3 for iPhone 8
craigslist app for iOS (1st release)
Date: 12/5/2019

Description:

Happy to finally see an official craigslist app for iOS! I've always enjoyed craigslist, so I have to, of course, report one minor bug with the app for posterity's sake.

There's a minor bug that occurs on listings. A user can cause the app to not display anything. This happens when the user simultaneously presses the "X" and the three dot share option from any product listing.

While this is unlikely to occur in a real life scenario, it is still always fun to document these types of bugs with iOS apps. These types of bugs are very common.

This is what I am seeing:

Please see the attached screenshots.

Steps to Reproduce:

1. Download and launch the craigslist app for iOS
2. Enter into the app
3. Head to any listing
4. From the detail page of any listing, simultaneously press the "X" and the three dot share option (takes a little practice)

Result: Easy way to disable the app by pressing the "X" and the three dot share option from any product listing inside the craigslist app

Expected: Shouldn't be able to disable the app this way

Launch the new app....

Head into the items that are for sale....

Take a look at "bicycles" as an example....

Select an item like a bicycle....

Select the "X" and the three dots simultaneously (takes some practice, but once you get the hang of it, it is easy)...

Cancel out of this menu....

App is frozen like this!



Posted by at No comments:
Labels: ,

Tuesday, December 3, 2019

Fabric: Life Insurance & Wills app for iOS: Bad error message from unrecognized email address in password reset

iOS 13 (13.2.3)
Fabric: Life Insurance & Wills app for iOS (version 1.0.2)
Date: 12/04/2019

Description:

There is an uninformative error message that is displayed by the Fabric app for iOS. If the user enters in an unrecognized email address into the password reset form, the follow error message appears:

'UserMigration failed with error An invalid argument was supplied. Please change the argument and try again.."

The invalid argument tells me that no such user is using that particular email. The error message should probably be changed to the generic error message: "check your inbox" that most apps use.

Steps to Reproduce:

1. Download and launch the Fabric: Life Insurance & Wills app (version 1.0.2) for iOS
2. Select the "Sign in" option in the upper right hand corner of the screen
3. Select the "Forgot Password" option
4. Enter in a bogus email address (an email address not in use by the app)
5. Press the "SEND RESET LINK" option
6. Note the "UserMigration failed" error message at the top of the screen

Result: Fabric's error message displayed when an unrecognized email address sends a password reset request informs the user that the particular email address they attempted is not in use by the app. The error message is not informative as well

Expected: A generic and easy to understand error message. Error message should not indicate if a particular email address is in use or not

Download and launch the Fabric app...

Select the "Sign in" option in the upper right...

Select the "Forgot password" link...

Enter in a fake email address, and click on "SEND RESET LINK"...

Bad error messaging.
Posted by at No comments:
Labels: , ,

Vogue Runway Fashion Shows app for iOS: Facebook sharing/login not working

iOS 13.2.3 on an iPhone 8
Vogue Runway Fashion Shows app for iOS (version 7.6.2)
Date: 12/04/2019

Description:

Facebook integration does not seem to work with the Vogue Runway Fashion Shows app (version 7.6.2) for iOS.

If a user tries to share a show using the Facebook Messenger sharing option, an error message appears saying that the content couldn't load.

If the user tries to login using the "Continue with Facebook" button on the "Start Bookmarking Today!" screen, a cancel error message appears as soon as the button is pressed.

I am not the first user to notice this. Here is a review in the app store:

Steps to Reproduce:

1. Download and launch the Vogue Runway Fashion Shows app for iOS
2. Select "MY SHOWS"
3. On the "Start Bookmarking Today!" screen, click on the "Continue with Facebook" button

Result: An error message appears when the user presses the "Continue with Facebook" button on the "Start Bookmarking Today!" screen

Expected: No error message should appear when the user presses the "Continue with Facebook" button on the "Start Bookmarking Today!" screen

Press the "Continue with Facebook" button...

This message appears.



OR:

1. Download and launch the Vogue Runway Fashion Shows app for iOS
2. Select any collection
3. Try to share the collection using the Facebook Messenger option built into the share UI of iOS

Result: A "couldn't load content" error message appears if the user tries to share a collection from the Vogue Runway Fashion Shows app

Expected: User should be able to share collections via Facebook Messenger from inside of the Vogue Runway Fashion Shows app

Head to any collection and select the share option...

Select the Messenger option...

This error message appears. Please fix!




Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)