Tuesday, December 17, 2024

Cleats Club app for iOS: No Apple Logo on the "Sign in with Apple" button

 iOS 18.2

Cleats Club app for iOS (version 1.1.3)

12/17/2024

Description:

Here's an odd one that I haven't seen before. An app called "Cleats Club" has the similar "Sign in with Apple" option that many apps have. 

The issue here is that this app's "Sign in with Apple" button is lacking the Apple logo. Here's a screenshot of how it looks inside the app:


I have downloaded many, many apps that have the Apple sign-in option. I cannot recall an app that had a "Sign in with Apple" app that lacked an Apple logo. 



I can't seem to find an exact requirement for the logo, but it seems clear that Apple's guidelines for implementation of the button imply that it's required. 


Here's some example of the "system-provided buttons" - as you can see, the logo is a prominent part of providing a sense of legitimacy to the button.

Two "Sign in with Apple" buttons for use on white backgrounds...


Two more buttons for use with "White with outline"

With black.

There's an admonition that Apple's "App Review evaluates all custom Sign in with Apple buttons." 


Steps to Reproduce:

1. Download the Cleats Club app for iOS 
2. Skip forward to the "JOIN THE CLUB" pop-up menu
3. Note the "SIGN IN WITH APPLE" button 

Result: the "Sign in with Apple" button inside of the Cleats Club app lacks an Apple logo

Expected: the "Sign in with Apple" button used by the Cleats Club app should, presumably, include the Apple logo 








Posted by at No comments:
Labels: , , ,

Tuesday, December 3, 2024

Up4Grabs app for iOS: Privacy Policy and Developer's Privacy Policy links in App Store lead to 404 Pages

 iOS 18.1.1

Up4Grabs app for iOS (version 1.4.0)

12/03/2024

Description:

The "Privacy Policy" and "Developer's Privacy Policy" links in the Apple App store detail page for the Up4Grabs app lead to 404 pages. 

This the link:

https://up4grabs.com/privacy

That users are taken to if they select these links from the Apple App Store's detail page. 

The "developer's privacy policy" link leads to a 404 page...

This "Privacy Policy" link leads to a 404 page...








Steps to Reproduce:

1. Head to the Up4Grabs listing in the Apple App Store

2. Click on either the "Privacy Policy" or "Developer's Privacy Policy" links

Result: The "Privacy Policy" or "Developer's Privacy Policy" links take the user to a 404 page 

Expected: The "Privacy Policy" and "Developer's Privacy Policy" links should NOT lead to 404 pages - they should lead to valid privacy policy pages 


Posted by at No comments:
Labels: , ,

Up4Grabs app for iOS: The Privacy Policy and Terms of Service Links on in-app Registration Page Crash the App

 iOS 18.1.1

12/03/2024

Up4Grabs app for iOS (version 1.4.0)

Description:

An iOS app called Up4Graps crashes when the user selects either the "Terms & Conditions" or "Privacy Policy" links from inside of the app. These links appear on this Registration page:



Steps to Reproduce:

1. Download and launch the Up4Grabs app for iOS (version 1.4.0)

2. Select "SKIP"

3. From the Login page, select "Register"

4. From the Register page, select either "Terms & Conditions" or "Privacy Policy" 

Result: Selecting either "Terms & Conditions" or "Privacy Policy" from inside of the Up4Grabs app results in the app crashing 

Expected: Selecting either the "Terms & Conditions" or "Privacy Policy" links from inside of the Up4Grabs app should not result in the app crashing 


Download and launch the Up4Grabs app. Select the "Register" option on this page...

The app crashes if either the "Terms & Conditions" or "Privacy Policy" links are selected on this page. 




Posted by at No comments:
Labels: , , , , ,

Monday, December 2, 2024

CLEVNET Libraries App for iOS: Typo in Error Message - "Database" is Misspelled

 iOS 18.1.1

CLEVNET Libraries App for iOS (Version 24.11.00)

12/02/2024

Description:

The newly released CLEVNET app for iOS has a minor problem: there's a typographical error on a login message. 

If the user enters in a blank library card number or PIN and then presses the "Sign In" button, an error message appears. You can see the error message below. 



In this error message, the word "database" is spelled incorrectly. The entire error message itself is somewhat cumbersome, but the typo should be fixed. 

Steps to Reproduce:

1. Download and launch the CLEVNET app for iOS (version 24.11.00)
2. Select a library (example: "Hubbard Public Library")
3. With nothing entered in the "Library Card Number" or "PIN or Password" input boxes, click on the "Sign In" button 
4. Note the error message that displays as:




Result: The word "database" is misspelled in an error message that is displayed by the CLEVNET Libraries App for iOS 

Expected: There should not be any typos or misspellings in error messages displayed by the CLEVNET app for for iOS 

Download and launch the app for Apple App store...

Proceed to the sign-in area of the app...

Choose the "Select Your Library" option...

Click on the "Sign In" option...

Choose any library branch, and then, with nothing entered into either the "Library Card Number" or "PIN or Password" input boxes, press the "Sign In" option...


Note the error message where "database" is misspelled. 


Note: Also published here.








Posted by at No comments:
Labels: , ,

Wednesday, November 27, 2024

AWS Events app for iOS: Cookie Preferences link is dead

 iOS 18.1.1

AWS Events app for iOS (version 7.6.0)

11/27/2024

Description:

Here's an unusual problem: the AWS Events app has a "Cookie preferences" link. Nothing happens when this link is selected. The other links on this page ("Privacy Policy" and a "Site terms" links) take the user to expected pages. 

The "Cookie preferences" link does nothing. 

Here's what it looks like inside of the iOS app:




Here's what it looks like when that login page (https://registration.awsevents.com/flow/awsevents/reinvent24/reg/login) is accessed on a laptop:


The "Customize cookie preferences" page appears, along with a link to the AWS Cookie notice



Other Amazon produced apps have cookie preference pages that are accessible via in-app options. Presumably the AWS Events app should have this option for GDPR compliance? 

Steps to Reproduce: 

1. Download and launch the AWS Events app for iOS (version 7.6.0)

2. From the "All events" page, select "AWS re:Invent 2024"

3. From the "Sign In" page, scroll down and select "Cookie Preferences"

Result: The "Cookie preferences" link on the AWS Events login page inside of the AWS Events app is inactive - no cookies pop-up is activated 

Expected: There should not be a dead link inside of an Amazon released iOS app 

Please Note: The same problem occurs with AWS Events app for Android (version 7.6.0)


Download and launch the AWS Events app for iOS...


Select the "AWS re:Invent 2024" option...


Scroll down to the bottom of this login screen...


Select the "Cookie preferences" option: Nothing happens! 












Posted by at No comments:
Labels: , , , ,

Tuesday, November 26, 2024

Particle News app for iOS: Seattle Times articles are returned from searches for "Null"

 iOS 18.1.1

Particle News app for iOS (version 1.0.8)

11/26/2024

Description:

Today, after reading an article about it, I downloaded a new app called Particle. It's a news app that uses AI to organize and curate news for you. It's an interesting idea, with an easy to understand user interface. 

I did find one small thing odd. I ran a search for the term "null" inside of the app:


And actual results were returned from the term "null" - not an optimal result.


This is a test that I run with every app that I download that has a search input box. Unless there is specially an entity named "Null" nothing in the app's menu or search results should, presumably, be labeled as the term "null" - if it is it is worth a second look! 

I've written about issues related to "Null" appearing inside of iOS apps before. 



Steps to Reproduce:

1. Download and launch the Particle News app for iOS (version 1.0.8)

2. Successfully create an account

3. Click on the magnifying glass in the bottom right of the screen

4. Inside of the search input box enter in the term "null"

5. Click on "URLs"

6. Note that 15 Seattle Times URLs are returned that are labeled as "Null"

Result: If the user searches for "null" inside of the Particle News app for iOS, 15 URLs from the Seattle Times newspaper's website are returned. Each URL has a description of "Null" - this is a less than optimal end user experience 

Expected: No returned URL inside of the Particle News app for iOS should be labeled as "Null" 

Download the Particle News app for iOS and create a valid account. Launch the app...

Click on the magnifying glass search option in the bottom right hand corner of the screen...

Enter the term "null" into the search input box and run a search...

Note that 14 "null" results are returned - all from the Seattle Times!








Posted by at No comments:
Labels: , ,

Wednesday, November 20, 2024

Foxtrot Delivery Market app for iOS: Privacy Policy and TOS links in-app link to nothing

 iOS 18.1.1

Foxtrot Delivery Market app for iOS (version 2024.10.2)

11/20/2024

Description:

There are a number of problems with the links to Foxtrot's Terms of Service and Privacy Policy links inside of the Foxtrot Delivery Market iOS app.

These links are accessed in-app on pages like this:


From the Sign-up portion of the Foxtrot Delivery Market iOS app, select either "Terms of Service" or "Privacy Policy"


A foxtrot URL begins to load, but eventually it ends up on...


It ends up here, which is not a valid URL.




Steps to Reproduce:

1. Download and launch the Foxtrot Delivery Market app for iOS (version 2024.10.2)

2. Select the sliding menu option in the upper left

3. Select "Sign up"

4. Scroll down to the bottom of the screen and notice the "By signing up, you agree to Foxtrot's Terms of Service and Privacy Policy" text. Note that "Terms of Service" and "Privacy Policy" are links

5. Click on either the "Terms of Service" or "Privacy Policy" links

Result: Selecting either the "Terms of Service" or "Privacy Policy" links from inside of the Foxtrot Delivery Market app for iOS do NOT take the user to valid TOS or Privacy Policy pages. The user is instead stranded 

Expected: The "Terms of Service" and "Privacy Policy" links inside of the Foxtrot Delivery Market app for iOS should always lead to Foxtrot's valid TOS and Privacy Policy pages 


Posted by at No comments:
Labels: , ,

Tuesday, November 12, 2024

People's Daily app for iOS: Privacy Policy links in App Store listing does not lead to a privacy policy

 iOS 18.0.1

People's Daily app for iOS (version 4.2.6)

11/12/2024

Description: 

According to Apple App store rules, "all apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an accessible manner." 


The People's Daily app for iOS does not follow this rule. The People's Daily app for iOS Apple App store listing links to a bad URL.



Steps to Reproduce:

1. Head to the People's Daily app for iOS listing in the Apple App Store 
2. Scroll down and select either "developer's privacy policy" or "privacy policy"

Result: The "developer's privacy policy" or "privacy policy" links on the People's Daily app store listing do NOT lead to a readable privacy policy 

Expected: The "developer's privacy policy" and "privacy policy" links from the People's Daily app store listing should lead to a readable privacy policy 


Head to the People's Daily Apple App Store listing...


Select the "developers privacy policy" link...


Leads to: https://api.en.pdnews.cn/html/privacyPolicy.html which is not a working privacy policy. 





Posted by at No comments:
Labels: , , ,

Wednesday, November 6, 2024

Pepper - Recipes with Friends app for iOS: Google OAuth Consent Screen: Incorrect App Name of pepperauthprod.auth.us-east-1.amazoncognito.com

 iOS 18.0.1

Pepper - Recipes with Friends app for iOS (version 2.10.1)

11/06/2024

Description: 

The Google OAuth Sign In screen for the Pepper - Recipes with Friends app displays an app name of: "pepperauthprod.auth.us-east-1.amazoncognito.com."

This is not an accurate representation of what the user is signing into. 


Steps to Reproduce:

1. Download the Pepper - Recipes with Friends app for iOS (version 2.10.1)

2. Launch the app - select "Sign Up"

3. From the "JOIN US." screen, select the "Sign up with Google" option 

4. From the Google Sign in screen, note the app name of: "pepperauthprod.auth.us-east-1.amazoncognito.com"

Result: The app name listed on the Google OAuth screen presented by the Pepper - Recipes with Friends iOS app is: "pepperauthprod.auth.us-east-1.amazoncognito.com" - this is an AWS URL and not an accurate representation of what the app's name is. There is no privacy policy or TOS link either 

Expected: The Google OAuth screen presented by the Pepper - Recipes with Friends app should present the name of the app correctly 


Launch the Pepper - Recipes with Friends app for iOS...


Select the "Sign Up" option...


Choose the "Sign up with Google" option...


The app name is: "pepperauthprod.auth.us-east-1.amazoncognito.com"






Posted by at No comments:
Labels: , , ,

Wednesday, October 30, 2024

Smart App Banner bug: myPittCounty iOS app banner: myPittCounty App Banner is Blank

 iOS 18.0.1

Domain: https://pay.pittcountync.gov/

Environment: Mobile Safari 

10/30/2024

Description:

Here's an unusual one that I do not believe that I have ever encountered before. A new app was launched by Pitt County in the State of North Carolina. 

This app is available from the Apple App Store. I wrote a bug about this app yesterday.

When the user visits https://pay.pittcountync.gov/ using Mobile Safari on an iPhone, they are presented with a "Smart App Banner" which is supposed to display an image of the app and an option to either:

  • Download the app if it isn't on the device
  • Open the app if the app is downloaded on the device
There's a problem, however. 

Take a look at this screenshot:


The Smart App Banner displayed by pay.pittcountync.gov is completely blank. This shouldn't be happening. 


Steps to Reproduce:

1. On an iPhone running iOS 18.0.1 navigate to pay.pittcounty.gov
2. Note the blank banner at the top of the screen 
3. Navigate to the app store and download and user the myPittCounty app for iOS
4. Navigate again to pay.pittcounty.gov
5. Note the blank banner at the top of the screen

Result: The Smart App Banner displayed at the top of pay.pittcounty.gov is blank 

Expected: The Smart App Banner displayed at the top of pay.pittcounty.gov should never be blank 



Posted by at No comments:
Labels: , ,

Monday, October 28, 2024

myPittCounty for iOS: Google OAuth Consent Screen: Incorrect App Name of project-191509807296

 iOS 18.0.1

myPittCounty app for iOS

10/28/2024

Description:

Here's a common problem with Google Oauth consent screens. On the Google Oauth screen presented by the myPittCounty app, the correct app name is not listed. Take a look at how it appears:




This goes against Google's own rules


Steps to Reproduce:

1. Download the myPittCounty app for iOS

2. Navigate to the log in page

3. Select the Google logo

4. From the "myPittCounty" Wants to Use "google.com" to Sign in" prompt, select "Continue"

5. From the consent screen, note the app's name isn't listed (instead it says "project-191509807296")

Result: When accessed via the myPittCounty iOS app, the Google Oauth consent screen does not display the name of the app. The app is represented as: "project-191509807296"

Expected: When accessed via the myPittCounty iOS the Google Oauth consent screen should display the correct name of the app 


Download the myPittCounty app from the app store and launch it...


Select the Google option here...


Select "Continue"...


No name of the app: just a project name. 



Curiously the Google Oauth consent screen is taken to in the app is not the same Oauth consent screen that the user is taken to when accessed via the web. The web login can be accessed here






Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)