Wednesday, November 20, 2024

Foxtrot Delivery Market app for iOS: Privacy Policy and TOS links in-app link to nothing

 iOS 18.1.1

Foxtrot Delivery Market app for iOS (version 2024.10.2)

11/20/2024

Description:

There are a number of problems with the links to Foxtrot's Terms of Service and Privacy Policy links inside of the Foxtrot Delivery Market iOS app.

These links are accessed in-app on pages like this:


From the Sign-up portion of the Foxtrot Delivery Market iOS app, select either "Terms of Service" or "Privacy Policy"


A foxtrot URL begins to load, but eventually it ends up on...


It ends up here, which is not a valid URL.




Steps to Reproduce:

1. Download and launch the Foxtrot Delivery Market app for iOS (version 2024.10.2)

2. Select the sliding menu option in the upper left

3. Select "Sign up"

4. Scroll down to the bottom of the screen and notice the "By signing up, you agree to Foxtrot's Terms of Service and Privacy Policy" text. Note that "Terms of Service" and "Privacy Policy" are links

5. Click on either the "Terms of Service" or "Privacy Policy" links

Result: Selecting either the "Terms of Service" or "Privacy Policy" links from inside of the Foxtrot Delivery Market app for iOS do NOT take the user to valid TOS or Privacy Policy pages. The user is instead stranded 

Expected: The "Terms of Service" and "Privacy Policy" links inside of the Foxtrot Delivery Market app for iOS should always lead to Foxtrot's valid TOS and Privacy Policy pages 


Tuesday, November 12, 2024

People's Daily app for iOS: Privacy Policy links in App Store listing does not lead to a privacy policy

 iOS 18.0.1

People's Daily app for iOS (version 4.2.6)

11/12/2024

Description: 

According to Apple App store rules, "all apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an accessible manner." 


The People's Daily app for iOS does not follow this rule. The People's Daily app for iOS Apple App store listing links to a bad URL.



Steps to Reproduce:

1. Head to the People's Daily app for iOS listing in the Apple App Store 
2. Scroll down and select either "developer's privacy policy" or "privacy policy"

Result: The "developer's privacy policy" or "privacy policy" links on the People's Daily app store listing do NOT lead to a readable privacy policy 

Expected: The "developer's privacy policy" and "privacy policy" links from the People's Daily app store listing should lead to a readable privacy policy 




Select the "developers privacy policy" link...


Leads to: https://api.en.pdnews.cn/html/privacyPolicy.html which is not a working privacy policy. 





Wednesday, November 6, 2024

Pepper - Recipes with Friends app for iOS: Google OAuth Consent Screen: Incorrect App Name of pepperauthprod.auth.us-east-1.amazoncognito.com

 iOS 18.0.1

Pepper - Recipes with Friends app for iOS (version 2.10.1)

11/06/2024

Description: 

The Google OAuth Sign In screen for the Pepper - Recipes with Friends app displays an app name of: "pepperauthprod.auth.us-east-1.amazoncognito.com."

This is not an accurate representation of what the user is signing into. 


Steps to Reproduce:

1. Download the Pepper - Recipes with Friends app for iOS (version 2.10.1)

2. Launch the app - select "Sign Up"

3. From the "JOIN US." screen, select the "Sign up with Google" option 

4. From the Google Sign in screen, note the app name of: "pepperauthprod.auth.us-east-1.amazoncognito.com"

Result: The app name listed on the Google OAuth screen presented by the Pepper - Recipes with Friends iOS app is: "pepperauthprod.auth.us-east-1.amazoncognito.com" - this is an AWS URL and not an accurate representation of what the app's name is. There is no privacy policy or TOS link either 

Expected: The Google OAuth screen presented by the Pepper - Recipes with Friends app should present the name of the app correctly 


Launch the Pepper - Recipes with Friends app for iOS...


Select the "Sign Up" option...


Choose the "Sign up with Google" option...


The app name is: "pepperauthprod.auth.us-east-1.amazoncognito.com"






Wednesday, October 30, 2024

Smart App Banner bug: myPittCounty iOS app banner: myPittCounty App Banner is Blank

 iOS 18.0.1

Domain: https://pay.pittcountync.gov/

Environment: Mobile Safari 

10/30/2024

Description:

Here's an unusual one that I do not believe that I have ever encountered before. A new app was launched by Pitt County in the State of North Carolina. 

This app is available from the Apple App Store. I wrote a bug about this app yesterday.

When the user visits https://pay.pittcountync.gov/ using Mobile Safari on an iPhone, they are presented with a "Smart App Banner" which is supposed to display an image of the app and an option to either:

  • Download the app if it isn't on the device
  • Open the app if the app is downloaded on the device
There's a problem, however. 

Take a look at this screenshot:


The Smart App Banner displayed by pay.pittcountync.gov is completely blank. This shouldn't be happening. 


Steps to Reproduce:

1. On an iPhone running iOS 18.0.1 navigate to pay.pittcounty.gov
2. Note the blank banner at the top of the screen 
3. Navigate to the app store and download and user the myPittCounty app for iOS
4. Navigate again to pay.pittcounty.gov
5. Note the blank banner at the top of the screen

Result: The Smart App Banner displayed at the top of pay.pittcounty.gov is blank 

Expected: The Smart App Banner displayed at the top of pay.pittcounty.gov should never be blank 



Monday, October 28, 2024

myPittCounty for iOS: Google OAuth Consent Screen: Incorrect App Name of project-191509807296

 iOS 18.0.1

myPittCounty app for iOS

10/28/2024

Description:

Here's a common problem with Google Oauth consent screens. On the Google Oauth screen presented by the myPittCounty app, the correct app name is not listed. Take a look at how it appears:




This goes against Google's own rules


Steps to Reproduce:

1. Download the myPittCounty app for iOS

2. Navigate to the log in page

3. Select the Google logo

4. From the "myPittCounty" Wants to Use "google.com" to Sign in" prompt, select "Continue"

5. From the consent screen, note the app's name isn't listed (instead it says "project-191509807296")

Result: When accessed via the myPittCounty iOS app, the Google Oauth consent screen does not display the name of the app. The app is represented as: "project-191509807296"

Expected: When accessed via the myPittCounty iOS the Google Oauth consent screen should display the correct name of the app 


Download the myPittCounty app from the app store and launch it...


Select the Google option here...


Select "Continue"...


No name of the app: just a project name. 



Curiously the Google Oauth consent screen is taken to in the app is not the same Oauth consent screen that the user is taken to when accessed via the web. The web login can be accessed here






Sunday, October 13, 2024

Pluckers app for iOS: Privacy Policy link in App Store listing lead to a 404 Page

 iOS 18.1

Pluckers Club app for iOS (version 2.1.62)

Date: 10/09/2024

Description:

An app called Pluckers Club for iOS has a bad Privacy Policy link in the Apple App Store listing for the app.


The Privacy Policy link leads to a page that looks like this:


This is the URL in question: https://www.pluckersclub.com/MemberNew/TermsAndConditions/Terms.aspx

Steps to Reproduce:

1. Head to the Apple App Store listing for the Pluckers app for iOS

2. Click on the "Privacy Policy" link 

Result: The "Privacy Policy" link on the Pluckers app for iOS detail page in the Apple App Store does not work - it leads the user to a URL that displays a "Server Error in '/' Application" error message 

Expected: The "Privacy Policy" link for the Pluckers app for iOS displayed on the detail page in the Apple App Store should always work and take the user to a valid privacy policy 


Pluckers app in the Apple App Store




Below you'll see the error message displayed by: https://www.pluckersclub.com/MemberNew/TermsAndConditions/Terms.aspx



Friday, September 20, 2024

FerryFriend App for iOS: Privacy Policy and Developer's Privacy Policy Links in App Store Listing Lead to a 404 Page

 iOS 18

FerryFriend app for iOS (version 4.5.12)

09/20/2024

Description:


The "Privacy Policy" and "Developer's Privacy Policy" links in the app store listing for the FerryFriend app leads to a 404 page that looks like this:



Steps to Reproduce:

1. Head to the Apple App Store listing for the FerryFriend app for iOS
2. Click on the "Privacy Policy" link

Result: The "Privacy Policy" and "Developer's Privacy Policy" links on the FerryFriend app's detail page in the Apple app store does not work and leads the user to a 404 page

Expected: The "Privacy Policy" and "Developer's Privacy Policy" links on the FerryFriend app's Apple App Store detail page should lead to a valid privacy policy 


Here's the Apple App Store listing for the FerryFriend app as of September 20th, 2024. 


The "developer's privacy policy" link leads to a 404 page...


This "Privacy Policy" link leads to a 404 page as well.