Wednesday, November 6, 2024

Pepper - Recipes with Friends app for iOS: Google OAuth Consent Screen: Incorrect App Name of pepperauthprod.auth.us-east-1.amazoncognito.com

 iOS 18.0.1

Pepper - Recipes with Friends app for iOS (version 2.10.1)

11/06/2024

Description: 

The Google OAuth Sign In screen for the Pepper - Recipes with Friends app displays an app name of: "pepperauthprod.auth.us-east-1.amazoncognito.com."

This is not an accurate representation of what the user is signing into. 


Steps to Reproduce:

1. Download the Pepper - Recipes with Friends app for iOS (version 2.10.1)

2. Launch the app - select "Sign Up"

3. From the "JOIN US." screen, select the "Sign up with Google" option 

4. From the Google Sign in screen, note the app name of: "pepperauthprod.auth.us-east-1.amazoncognito.com"

Result: The app name listed on the Google OAuth screen presented by the Pepper - Recipes with Friends iOS app is: "pepperauthprod.auth.us-east-1.amazoncognito.com" - this is an AWS URL and not an accurate representation of what the app's name is. There is no privacy policy or TOS link either 

Expected: The Google OAuth screen presented by the Pepper - Recipes with Friends app should present the name of the app correctly 


Launch the Pepper - Recipes with Friends app for iOS...


Select the "Sign Up" option...


Choose the "Sign up with Google" option...


The app name is: "pepperauthprod.auth.us-east-1.amazoncognito.com"






Posted by at No comments:
Labels: , , ,

Wednesday, October 30, 2024

Smart App Banner bug: myPittCounty iOS app banner: myPittCounty App Banner is Blank

 iOS 18.0.1

Domain: https://pay.pittcountync.gov/

Environment: Mobile Safari 

10/30/2024

Description:

Here's an unusual one that I do not believe that I have ever encountered before. A new app was launched by Pitt County in the State of North Carolina. 

This app is available from the Apple App Store. I wrote a bug about this app yesterday.

When the user visits https://pay.pittcountync.gov/ using Mobile Safari on an iPhone, they are presented with a "Smart App Banner" which is supposed to display an image of the app and an option to either:

  • Download the app if it isn't on the device
  • Open the app if the app is downloaded on the device
There's a problem, however. 

Take a look at this screenshot:


The Smart App Banner displayed by pay.pittcountync.gov is completely blank. This shouldn't be happening. 


Steps to Reproduce:

1. On an iPhone running iOS 18.0.1 navigate to pay.pittcounty.gov
2. Note the blank banner at the top of the screen 
3. Navigate to the app store and download and user the myPittCounty app for iOS
4. Navigate again to pay.pittcounty.gov
5. Note the blank banner at the top of the screen

Result: The Smart App Banner displayed at the top of pay.pittcounty.gov is blank 

Expected: The Smart App Banner displayed at the top of pay.pittcounty.gov should never be blank 



Posted by at No comments:
Labels: , ,

Monday, October 28, 2024

myPittCounty for iOS: Google OAuth Consent Screen: Incorrect App Name of project-191509807296

 iOS 18.0.1

myPittCounty app for iOS

10/28/2024

Description:

Here's a common problem with Google Oauth consent screens. On the Google Oauth screen presented by the myPittCounty app, the correct app name is not listed. Take a look at how it appears:




This goes against Google's own rules


Steps to Reproduce:

1. Download the myPittCounty app for iOS

2. Navigate to the log in page

3. Select the Google logo

4. From the "myPittCounty" Wants to Use "google.com" to Sign in" prompt, select "Continue"

5. From the consent screen, note the app's name isn't listed (instead it says "project-191509807296")

Result: When accessed via the myPittCounty iOS app, the Google Oauth consent screen does not display the name of the app. The app is represented as: "project-191509807296"

Expected: When accessed via the myPittCounty iOS the Google Oauth consent screen should display the correct name of the app 


Download the myPittCounty app from the app store and launch it...


Select the Google option here...


Select "Continue"...


No name of the app: just a project name. 



Curiously the Google Oauth consent screen is taken to in the app is not the same Oauth consent screen that the user is taken to when accessed via the web. The web login can be accessed here






Posted by at No comments:
Labels: , ,

Sunday, October 13, 2024

Pluckers app for iOS: Privacy Policy link in App Store listing lead to a 404 Page

 iOS 18.1

Pluckers Club app for iOS (version 2.1.62)

Date: 10/09/2024

Description:

An app called Pluckers Club for iOS has a bad Privacy Policy link in the Apple App Store listing for the app.


The Privacy Policy link leads to a page that looks like this:


This is the URL in question: https://www.pluckersclub.com/MemberNew/TermsAndConditions/Terms.aspx

Steps to Reproduce:

1. Head to the Apple App Store listing for the Pluckers app for iOS

2. Click on the "Privacy Policy" link 

Result: The "Privacy Policy" link on the Pluckers app for iOS detail page in the Apple App Store does not work - it leads the user to a URL that displays a "Server Error in '/' Application" error message 

Expected: The "Privacy Policy" link for the Pluckers app for iOS displayed on the detail page in the Apple App Store should always work and take the user to a valid privacy policy 


Pluckers app in the Apple App Store




Below you'll see the error message displayed by: https://www.pluckersclub.com/MemberNew/TermsAndConditions/Terms.aspx



Posted by at No comments:
Labels: , , ,

Friday, September 20, 2024

FerryFriend App for iOS: Privacy Policy and Developer's Privacy Policy Links in App Store Listing Lead to a 404 Page

 iOS 18

FerryFriend app for iOS (version 4.5.12)

09/20/2024

Description:


The "Privacy Policy" and "Developer's Privacy Policy" links in the app store listing for the FerryFriend app leads to a 404 page that looks like this:



Steps to Reproduce:

1. Head to the Apple App Store listing for the FerryFriend app for iOS
2. Click on the "Privacy Policy" link

Result: The "Privacy Policy" and "Developer's Privacy Policy" links on the FerryFriend app's detail page in the Apple app store does not work and leads the user to a 404 page

Expected: The "Privacy Policy" and "Developer's Privacy Policy" links on the FerryFriend app's Apple App Store detail page should lead to a valid privacy policy 


Here's the Apple App Store listing for the FerryFriend app as of September 20th, 2024. 


The "developer's privacy policy" link leads to a 404 page...


This "Privacy Policy" link leads to a 404 page as well. 







Posted by at No comments:
Labels: , , ,

Wednesday, September 4, 2024

Lemon8 app for iOS: Twitter Account Creation Does Not Work

UPDATE:


When I checked today (11/03/2024) the option to use Twitter for account creation appears to have been removed from the app:


Downloaded the latest version this morning...


Witter option removed. 

Guess that's that....


____________________________________________________________________________________

 iOS: 17.6.1

Lemon8 app for iOS (version 7.1.0)

Date: 09/04/2024

Description:

Lemon8 account creation is not working with the iOS app. There is a "Continue with X" option for account creation. While the other options all work, the Twitter option does not. 

Selecting this option results in the following error message:

Twitter account creation isn't working - hasn't worked for several weeks. This is the error message. 



Note: This problem does NOT reproduce with the Lemon8 app for Android. This also reproduced with the Twitter app removed from the phone. 

Steps to Reproduce:

1. Download the Lemon8 app for iOS (version 7.1.0)

2. Advance to the home screen

3. Select the Profile icon in the bottom right 

4. From the "Lemon8 - Create account or log in" screen scroll down and select "Continue with X"

Result: It is not possible to use the "Continue with X" option to create a Lemon8 account using the Lemon8 iOS account

Expected: The user should be able to use the "Continue with X" option to create a new Lemon8 account using the Lemon8 iOS app 

Posted by at No comments:
Labels: ,

Tuesday, September 3, 2024

Laurie Buckhout For Congress app for iOS: Privacy Policy Link In App Store Working Does Not Lead to a Privacy Policy

 iOS 17.6.1

Laurie Buckhout for Congress app for iOS (production version)

Date: 09/03/2024

Description:

Today I took a look at an app called Laurie Buckhout for Congress that is available to download from the Apple App Store. This app does not have a valid (working) link to a Privacy Policy in either the app store listing, or from inside of the app.

According to Apple App Store rules, "all apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an accessible manner. 

The Apple App Store rules regarding access to privacy policies are very clear. 



Here's what the app store listing looks like:

This is the Apple App Store listing for Laurie Buckhout for Congress. Scroll down to the Privacy Policy link...

Click on the "developer's privacy policy" link...

This is obviously not a valid privacy policy.



Steps to Reproduce:

1. Head to the Laurie Buckhout for Congress app for iOS Apple App Store page
2. Scroll down to the "developer's privacy policy" and "privacy policy" links

Result: The "developer's privacy policy" and "privacy policy" links on the Laurie Buckhout for Congress Apple App Store listing page do not lead to valid privacy policies 

Expected: There needs to be working privacy policy links in the Laurie Buckhout for Congress Apple App Store listing 





Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)