Pool screenshot app for iOS: Smart App Banner renders blank/empty when visiting pool.day on Safari (iOS)

 iOS 26.5.1

Pool, screenshot app for iOS (version 2.0.4)

06/30/2026

Description:

When a user navigates to (https://pool.day) using Safari on iOS, the native Apple Smart App Banner triggers but fails to populate any application metadata. The banner displays as an empty container containing only a close button, a generic gray placeholder icon, and empty rating stars. It is completely missing the app title, developer info, and the functional "View/Open" action button.

Environment

• URL: [https://pool.day](https://pool.day)

• Target App: Pool, the screenshot app (id6752956163)

• Devices Tested:

  • iPhone 17 (Running iOS 26.5.1)

  • iPhone Xr (Running iOS 18.6.2)

• Browser: Safari Mobile

Steps to Reproduce

1. Using a supported iOS test device, open the native Safari browser.

2. Navigate to the website: [https://pool.day](https://pool.day)

3. Observe the Smart App Banner that appears at the top of the viewport.

Expected Result

The Smart App Banner should correctly fetch and display the metadata for "Pool, the screenshot app" from the App Store. It should explicitly show the app icon, title, developer subtitle, star ratings, and an action button ("View" to download or "Open" if already installed).

Actual Result

The Smart App Banner displays as entirely blank metadata-wise, rendering an empty UI shell as highlighted by the arrow in the screenshot below

Challe Activity app for iOS: Google OAuth Consent Screen: Incorrect App Name of project-837812025812

 iOS 26.5.1

Challe Activity app for iOS (version 1.3.30)

06/23/2026

Description:

The Google OAuth sign-in screen for the Challe Activity app for iOS displays an app name of project-837812025812:

This is not an accurate representation of what the user is granting permission to. Take a look at the screenshots below.

1. Download the Challe app for iOS

2. Select the Google login option

3. Navigate to the Google OAuth screen

Result: app name of "project-837812025812" is displayed on Google OAuth screen

Expected: correct app name on Google OAuth login

Choose the Google option...

Select the "Continue" option...

Not very informative. 

Oregon State Credit Union app for iOS: App Features Broken Privacy Policy Links in the Apple App Store

 Date: May 31, 2026

App Version Affected: 2026.01

App Store Link: Oregon State Credit Union on Apple App Store

Description

When financial institutions handle user data, transparency is everything. However, the "developer’s privacy policy" and "privacy policy" links on the Oregon State Credit Union’s Apple App Store detail page are currently broken. Instead of taking users to a valid legal document, they point to a dead end.

Clicking either link directs users to an error page on the credit union's website stating: “We’re sorry we couldn’t find that page.”

• Live Proof: You can view an archived snapshot of the broken destination page here: Archived Error Page.

• The Rule: This isn't just a minor inconvenience—it violates Apple’s official App Store Review Guidelines, which strictly require a valid, readable privacy policy link for all apps. See Apple Developer Guidelines (Section 5.1.1 Legal/Privacy).

Steps to Reproduce

1. Open the Apple App Store and navigate to the detail page for the Oregon State Credit Union app.

2. Scroll down to the App Privacy section. (As seen in IMG_2543.jpg, which highlights the "developer's privacy policy" link).

3. Select either the “developer’s privacy policy” or “privacy policy” link.

4. Observe the destination browser window.

Expected vs. Actual Result

• Expected Result: The links must direct the user to a valid, fully readable privacy policy detailing how the credit union handles sensitive user data.

• Actual Result: The links load a 404 Not Found style landing page on oregonstatecu.com. As shown in IMG_2544.jpg, the page explicitly reads: "We're sorry, we couldn't find the page."

Apple App Store detail page for the Oregon State Credit Union app for iOS.

Select either the "Privacy Policy" or "Developer's Privacy Policy" links...

User is taken to a "We're sorry we couldn't find the page." error page instead a valid privacy policy. 

Goodwill Delivery app for iOS: "Settings" option after declining camera access does not take user out of the app

iOS 26.3.1

Goodwill Delivery app for iOS (version 2.0.10)

05/26/2026

Description:

In the country of Georgia, the grocery chain "Goodwill" offers an iOS app called Goodwill Delivery. Like most shopping apps, it includes a barcode scanner that requires camera access.

The option to activate the camera from inside the Goodwill delivery app for iOS. 

When camera permission is denied, the app displays a "Camera Unavailable" dialog with a "Settings" button — a standard iOS pattern intended to direct the user to the app's Settings page so they can grant permission. However, tapping "Settings" does nothing. The user is left stranded inside the app with no way to reach Settings from that dialog.

Select "Don't Allow" from this option. You (the user) have clearly given your preference to the app. Per Apple's rules, all subsequent attempts to access the camera should result in an error message displayed - along with a working "Settings" option that exists the user out of the app. This app has a "Settings" option - but it does not work.

This behavior is inconsistent with Apple's expectation that a "Settings" button executes a valid system deep-link via UIApplication.openSettingsURLString. It appears to be a violation of App Store Review Guideline 2.1 (App Completeness), which requires that apps be fully functional before submission, with no dead ends or broken controls.

This is the first instance I have encountered of this pattern failing entirely within a shipping iOS app.

Steps to Reproduce:

1. Download the Goodwill Delivery app for iOS (version 2.0.10)
2. Complete any onboarding and advance to the home screen
3. Tap the barcode icon to the right of the search input
4. In the "Goodwill would like to access the camera" permission dialog, tap Don't Allow
5. From the home screen, select the barcode option a second time 
6. In the "Camera Unavailable" dialog, tap Settings

Result: Tapping "Settings" does not navigate the user to the iOS Settings app or to the app's Settings page. The user remains inside the app with no recourse.

Expected: Tapping "Settings" should open the iOS Settings app to the Goodwill Delivery permissions page, allowing the user to grant camera access. 

Amazon Shopper Panel app for iOS: Broken FAQ Link and S3 Bucket 403 Error

 iOS 26.3.1

Amazon Shopper Panel app for iOS (version 5.1.6)

03/11/2026

Description: 

There is a "Program FAQs" link inside of the Amazon Shopper Panel app for iOS that leads to an access denied page. 

I first at thought that this error message was based on my location - however after running the same URL through a US proxy, I see that this is likely a dead link pointing to an incorrect location. 

Archived Link: https://archive.is/H8iHK

Steps to Reproduce:

1. Download and launch the Amazon Shopper Panel for iOS

2. From the "Join the panel and earn rewards" page, select "Continue"

3. Advance (Continue > Continue > Get Started) to Amazon sign-in page 

4. Select the "Amazon Shopper Panel Program Terms and Conditions" link 

5. Scroll down and select "Program FAQs"

Result: the "Program FAQs" link on the "Amazon Shopper Panel Program Terms and Conditions" page accessible via the iOS app lead to an "access denied" error message 

Expected: A "Program FAQs" link should never lead to an access denied error message 

Download and launch the Amazon Shopper Panel app for iOS...

Select the "Amazon Shopper Panel Program Terms and Conditions" link...

Select the "Program FAQs" link...

User is taken here: https://d3smi4el0k163n.cloudfront.net/3.3.0/legal/faq/en-US/v1/rewards/FAQRewards-en-US-dev.html

Probably should have been this (?):  https://panel.amazon.com/FAQPrivacy.html

I sent the following message into Amazon: 

Dear Amazon Support Team,

I am writing to report a broken resource link within the Amazon Shopper Panel iOS application that appears to point to an internal development or staging environment.

Issue Description: In the "More" or "Help" section of the app, the link for the program FAQ is currently pointing to a URL that returns an XML "Access Denied" error from an S3 bucket via CloudFront.

Technical Details:

• Target URL: https://d3smi4el0k163n.cloudfront.net/3.3.0/legal/faq/en-US/v1/rewards/FAQRewards-en-US-dev.html

• Observed Behavior: The server returns an HTTP 403 (Forbidden) with an S3 <Code>AccessDenied</Code> XML response.

• Analysis: The presence of -dev.html in the filename suggests a hardcoded link to a development asset that is not permissioned for public access or has been removed. This occurs regardless of the requester's geographic location (verified via US-based proxies).

Impact: Users are unable to access the rewards FAQ from within the app, leading to a degraded user experience. While this does not appear to be a high-risk security leak, the raw XML response indicates a minor configuration drift between the production app and the storage bucket permissions.

I recommend updating the app to point to the production FAQ (e.g., https://panel.amazon.com/FAQPrivacy.html) and ensuring that CloudFront is configured to serve a standard 404 page rather than raw S3 XML for missing or private objects.

Best regards,

Robert Delaware

Lacoste USA: Polos & Sneakers app for iOS: Inoperable "CONSENT MANAGEMENT" option in MY SETTINGS

 iOS 26.2.1

Lacoste USA: Polos & Sneakers app for iOS (version 1.8.0)

01/29/2026

Description: 

There is a "CONSENT MANAGEMENT" option that is accessible for the user in the "MY SETTINGS" option of the Lacoste USA: Polos & Sneakers app for iOS. This option appears if the user is in guest mode or if the user creates an account. 

For me, at least, pressing this link does not take the user to a consent management page on the Lacoste website. 

Please note: while I downloaded the the Lacoste app for the U.S. Apple App store, I am not in the United States as I attempt to access the link. 

Steps to Reproduce:

1. Download and launch the Lacoste USA: Polos & Sneakers app for iOS 

2. Select the "ACCOUNT" option in the bottom right hand corner of the screen 

3. Select "MY SETTINGS"

4. From the "MY SETTINGS" screen select "CONSENT MANAGEMENT"

Result: There is a non-working "CONSENT MANAGEMENT" link on the "MY SETTINGS" page of the Lacoste iOS app 

Expected: Every link should work. A "CONSENT MANAGEMENT" link on the "MY SETTINGS" page of the Lacoste iOS app should take the user to a valid consent management page - if this option is not supposed to be accessible for users in different locations, it should disappear 

Download and launch the Lacoste USA: Polos & Sneakers app for iOS...

Launch the app and select "ACCOUNT"...

Select "MY SETTINGS"...

The "CONSENT MANAGEMENT" option does nothing - does not open link, does not lead to Lacoste website - bad end user experience. 

EF Go Ahead Tours app for iOS: the "Developer's Privacy Policy" and "Privacy Policy" links on the Apple App Store detail page lead to a 404 error page

 iOS

EF Go Ahead Tours app for iOS (version 2026.1.9)

01/19/2026

Description:

The privacy links on the detail page for an app called EF Go Ahead Tour app for iOS lead to a 404 error message. Linking to a valid, and readable, privacy policy is mandated by Apple policies. 

Archived Link: https://archive.is/klKww

Steps to Reproduce:

1. Head to the detail page in the Apple App Store for the EF Go Ahead Tour app

2. Scroll down and select either "Developer's Privacy Policy" or "Privacy Policy" links

3. Note that both link to a 404 page and not a valid (readable) privacy policy 

Result: the "Developer's Privacy Policy" and "Privacy Policy" links on the detail page for an app called EF Go Ahead Tours lead to a 404 page and not a valid privacy policy 

Expected: the "Developer's Privacy Policy" and "Privacy Policy" links on the detail page for the EF Go Ahead Tours app should lead to a valid (readable) privacy policy 

Head to the detail page for the EF Go Ahead Tours app in the Apple App store...

Scroll down and select the "Privacy Policy" link...

User is taken to a 404 error message.