Thursday, July 11, 2024

Kohl's app for iOS: The "Rewards Terms" link during Account Creation leads to a 404

 iOS 17.5.1

Kohl's - Shopping and Discount app for iOS (version 8.2.19)



The "Rewards Terms" link during account creation leads to a 404 page when accessed from the app.

Here's where the link is found inside of the iOS app:

There's a "Rewards Terms" link accessible from this page inside of the app. Clicking on this link takes the user to...

A 404 page.

The same "Rewards Terms" link, when accessed from a laptop, looks like this:

It's obviously not an optimal end-user experience to end up on a 404 page during account creation. 

Steps to Reproduce:

1. Download and launch the Kohl's app for iOS

2. Select "Sign In" from the bottom right 

3. Enter in a valid email address and select "Continue"

4. Enter in a valid password and select "Create Password"

5. From the Kohl's "Create Account" screen, scroll down and click on "Rewards Terms"

Result: The "Rewards Terms" link on the "Create Account" screen leads to a 404 page

Expected: The "Rewards Terms" link on the "Create Account" screen should lead to a valid Rewards Member's Agreement page 

Tuesday, July 9, 2024

Nihao Jewelry - Wholesale Online app for iOS: Google OAuth Consent Screen: Privacy Policy link crashes the app

 iOS 17.5.1

Nihao Jewelry - Wholesale Online app for iOS (version 2.19.1)



Here's a problem with a Google OAuth consent screen that leads to a crash. There's an app called Nihao Jewelry (NihaoJewelry) that comes up frequently in the app store. It looks to be a Blue Nile competitor. 

Like many apps, this app has an option to create an account using your Google credentials on a Google OAuth consent screen. 

That screen looks like this on web:

Instead of leading to a valid privacy policy, the app is linking to something that was hosted at:

I'm not really sure what used to be, but it did sell for quite a lot some years ago

Long story short: the link is dead. This dead link crashes the Nihao Jewelry iOS app.

Here's the Google OAuth screen inside of the app:

If you select the "privacy policy" link from within the iOS app, the app crashes. It shouldn't be doing this, of course.

Steps to Reproduce:

1. Download and launch the Nihao Jewelry - Wholesale Online app for iOS (version 2.19.1)
2. Select the Profile option in the lower right-hand corner of the screen 
3. Select the "Continue with Google" option 
4. From the '"Nihaojewelry" Wants to Use' option, select "Continue"
5. From the Sign in page, select "privacy policy"

Result: Selecting the "privacy policy" link on the NihaoJewelry - Wholesale Online app's Google OAuth consent screen crashes the app 

Expected: The "privacy policy" link on the NihaoJewelry - Wholesale Online app's Google OAuth consent screen should work - selecting it should take the user to a valid privacy policy - it should not crash the app

Please take a look at the attached screenshots:

Download and launch the Nihaojewelry app for iOS...

Select the "Account" option...

Select the "Continue with Google" option...

Select "Continue"

Select the "privacy policy" link...

The app will hang for a few moments and then crash...

Sunday, July 7, 2024

OLX: Pakistan app for iOS: Google OAuth Consent Screen: Privacy Policy and Terms of Service Links Do Not Work

 iOS 17.5.1

OLX: Pakistan app for iOS (Version 15.48772)



Here's another problem with a Google OAuth consent screen. A company called OLX: Buy and Sell Near You is a major e-commerce platform.

The iOS app has a consent screen that looks like this:

The Google OAuth consent screen for an app called OLX has a privacy policy and a terms of service link. Neither link works. Instead of taking the user to valid pages - or even 404 pages - the user just goes for a sort of loop.

The link to that particular consent screen can be found here

The "privacy policy" and "terms of service" links on this Google OAuth consent screen do not work. They do not lead to either valid privacy policies or terms of service. Nor do they link to 404 pages. Instead they just loop the end user back into a web version of the app.

Steps to Reproduce:

1. Download and launch the OLX: Pakistan app for iOS

2. From the "Log in to your OLX account" screen, select "Log in with Google"

3. From the "OLX Pakistan" prompt, select "Continue"

4. From the Google OAuth consent screen, select either "privacy policy" or "terms of service"

Result: The "privacy policy" and "terms of service" links on the Google OAuth consent screen for the OLX: Pakistan app do not work. They do not take the user to either valid privacy policies or terms of service - nor do they take the user to a 404 page

Expected: The "privacy policy" and "terms of service" links on the Google OAuth consent screen should take the user to valid privacy policies or terms of service 

From the "Create a new OLX account" screen, select "Join with Google"

Select the "Continue" option...

The "privacy policy" and "terms of service" links do NOT work. 

Saturday, July 6, 2024

JJ's House for iOS: Google OAuth Consent Screen: Incorrect App Name of project-804447566408

 iOS 17.5.1

JJ's House for iOS (version 5.6.1)



For years now I have looked at Google OAuth consent screens, spotted problems, and then promptly forgotten about them. No more! From now on, if I spot a problem with the Google OAuth consent screen that is used by an iOS app, I will document it. Maybe I will even start a whole new blog.

First up: the Google OAuth consent screen used by an app called JJ's House for the iPhone. Let's take a look at what this looks like:

Shouldn't look like this!

Curiously the Google OAuth consent screen that the user is taken to via the app (which you can access here) is not the same as the OAuth consent screen that the user is taken to when accessed via web. You can access the web consent screen here

This obviously is a problem, and the end user experience for the user using the iOS app is poor. This appears to go against Google's own rules.

I feel motivated to report these, and I will endeavor to write them down when I spot them. 

Steps to Reproduce:

2. Select "Sign in / Register"
3. Select the Google logo
4. From the '"JJsHouse" wants to Use Google' prompt, select "continue"
5. From the consent screen, note that the app's name isn't listed (instead says "project-804447566408")
6. Click on "project-804447566408"
7. Note less than informative contact email (email address seemingly unrelated to app)

Result: When accessed via the iOS app, the Google OAuth consent screen for JJ's House is missing the name of the app. The app name is represented as: "project-804447566408"

Expected: When accessed via the iOS app, the Google OAuth consent screen for JJ's House should display the correct name of the app - not "project-804447566408" 

Download the JJ's House app for iOS and select the Google logo...

Select "Continue" from the prompt...

The Google OAuth consent screen does NOT list the name of the app. This only happens when accessed via the iOS app. This does not happen on web...

Email contact under "Developer Info" - the email address appears to have no connection to the app. As an end user, am I supposed to trust this address? 

Clearya app for iOS: The Facebook Messenger option to Share App Fails - Error Message Displayed

 iOS 17.5.1 on an iPhone Xr

Clearya app for iOS (version 2.7.1)



There's a minor problem with the Clearya app for iOS. There's an option inside of the app to "Share the App" which activates the iOS share sheet. 

For me, at least, when I select the Facebook Messenger option, the following error appears:

Steps to Reproduce:

1. Launch the Clearya app for iOS

2. Select the side bar slider in the upper left-hand corner of the screen 

3. Select "Share the App" 

4. From the iOS share sheet, select the Facebook Messenger option 

Result: After entering the "Share this app" path inside the app, a "Couldn't load content" error message appears after the user selects the Facebook Messenger option from the iOS share sheet. Sharing via Facebook Messenger appears broken 

Expected: The option to share the app using Facebook Messenger via the iOS share sheet should work