Sunday, August 27, 2023

Atmosfy app for iOS: Terms of Service and Privacy Policy links take user back to App Store

 iOS 16.6

Atmosfy app for iOS (version 4.23.0)

Date: 08/27/23

Description:

Here's a problem I have never seen before. 


Inside of the Atmosfy iOS app, the "Atmosfy Terms of Service" and "Privacy Policy" links do not take the user to a Terms of Service or a Privacy Policy. Instead they take the user back to the Apple App Store listing for the Atmosfy app.



The Terms of Service and Privacy Policy links take the user back to the App Store. 




Steps to Reproduce:

1. Download and launch the Atmosfy app

2. Select "Log In"

3. Select either the "Atmosfy Terms of Service" or "Privacy Policy" links

4. User is taken back to the App Store

Result: The "Atmosfy Terms of Service" and "Privacy Policy" links do not take the user to either a privacy policy or a Terms of Service - instead they loop the user back to the App Store. 

Expected: These links should work  

Wednesday, August 23, 2023

BigLots app for iOS: XSS error from searches for plaintext

 iOS 16.6

BigLots app for iOS

Date: 08/23/23

Description:

The BigLots app for iOS has a problem with self-directed XSS. Entering the term "<plaintext>" in the search box inside of the BigLots app results in an error.


Steps to Reproduce:

1. Download and launch the BigLots app for iOS

2. Click inside the input box that says, "Search BigLots.com"

3. Enter in "<plaintext>" as a search term

4. Click on "Search" 

Result: The BigLots iOS app displays an error message if "<plaintext>" is entered as a search term - there is a problem with self-directed XSS

Expected: The BigLots iOS app should not display HTML text from a "<plaintext>" search 


Click inside the search input box and enter in "<plaintext>"

Enter in "<plaintext>"

HTML error from a self-directed XSS command. 
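The report above is consistent with the search term being written into an HTML view without output encoding: "<plaintext>" is a legacy HTML element that makes the parser treat the rest of the document as raw text, so the page's own markup shows up on screen. The following is an added example, not code from the BigLots app; the template, function names and allowlist are hypothetical, and it assumes the search term is reflected in a heading and in the search box value.

```javascript
// Added example: markup and names are hypothetical, not taken from the BigLots app.

// Encode a string for HTML text nodes and quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the search term is concatenated into the page as-is,
// so any tag in the term becomes part of the document.
function renderResultsUnsafe(term) {
  return `<h1>Results for ${term}</h1>` +
         `<input name="q" value="${term}">` +
         `<p>No products found.</p>`;
}

// "After": the term is encoded at the point of output,
// so it is displayed as text and never parsed as markup.
function renderResultsSafe(term) {
  const t = escapeHtml(term);
  return `<h1>Results for ${t}</h1>` +
         `<input name="q" value="${t}">` +
         `<p>No products found.</p>`;
}

// Regression check: list tag names in the rendered page that the
// template itself never emits (the template only uses h1, input, p).
function unexpectedTags(html) {
  const allowed = new Set(["h1", "input", "p"]);
  const found = [];
  for (const m of html.matchAll(/<\s*\/?\s*([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) found.push(name);
  }
  return found;
}

const term = "<plaintext>"; // the search term from the report
console.log("unsafe:", unexpectedTags(renderResultsUnsafe(term)));
console.log("safe:  ", unexpectedTags(renderResultsSafe(term)));
```

A check like `unexpectedTags` can run in a test suite over a list of markup-bearing search terms, so an unencoded reflection is caught before release.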






BigLots app for iOS: Invalid Privacy, App Support and Developer Website links in the App Store

 iOS 16.6

BigLots app for iOS

Date: 08/23/23

Description:


The BigLots! app for iOS has bad links connected to the listing for the app in the Apple App Store. 

The "Developer Website" link leads to: http://support.biglot.us/


The "Privacy Policy" link leads to: https://privacy.biglot.us/

The "App Support" link leads to: http://support.biglot.us/


None of these links work, and as is common knowledge, Apple requires working links to a readable privacy policy in the App Store listing.

Steps To Reproduce:
1. Head to the BigLots app store listing
2. Click on the "App Support", "Privacy Policy" and "Developer Website" links

Result: The "App Support", "Privacy Policy" and "Developer Website" links are not working with the BigLots app store listing 

Expected: The "App Support", "Privacy Policy" and "Developer Website" links should be working on the BigLots app store listing 










Monday, August 21, 2023

iOS 16.6: Native Mail App: Email Messages Activated inside of apps can't be dismissed - user stranded!

 iOS 16.6

Mail app for iOS 

Date: 08/22/2023

Description:

Today I came across an especially bad bug with the native iOS Mail app. I've gotten it to reproduce with multiple iPhones running 16.6.

I'm not sure how to describe it, but the problem is something like this: if an app activates the iPhone's native iOS Mail app, the user gets completely stuck when trying to cancel out of writing the email. The user is stuck staring at an unresponsive email message and has to force quit the app.

This is much easier to show than to describe, so please take a look at a video of the bug:



Steps to Reproduce:

1. Install the Native iOS Mail app and have it be the default 

2. From inside an app like Facebook, select an option to "Send Email"

3. From a generated email message select "Cancel"

4. Select "Delete Draft"

5. Select "Cancel" (nothing happens)

Result: Users are unable to dismiss ("cancel out of") email messages created by the native iOS app when these messages are shown in app 

Example: Using iOS app, select an FB page with "send email" button - from generated email message, select "cancel" 

Expected: User should always be able to exit out of an email message - an app like the Facebook iOS app should not be rendered unusable by exiting out of a message


Head to a Facebook page that has a "Send Email" option. 

Select the "Cancel" option from this email.

Select "Delete Draft"

User is completely stuck. A force quit is required to get the Facebook app working again.