iOS 17.5.1
Nihao Jewelry - Wholesale Online app for iOS (version 2.19.1)
07/09/24
Description:
Here's a problem with a Google OAuth consent screen that leads to a crash. There's an app called Nihao Jewelry (NihaoJewelry) that comes up frequently in the app store. It looks to be a Blue Nile competitor.
Like many apps, this app has an option to create an account using your Google credentials on a Google OAuth consent screen.
That screen looks like this on web:
Instead of leading to a valid privacy policy, the app is linking to something that was hosted at: http://www.mm.com/index.php/customer/account/login/
I'm not really sure what mm.com used to be, but it did sell for quite a lot some years ago.
Long story short: the link is dead. This dead link crashes the Nihao Jewelry iOS app.
Here's the Google OAuth screen inside of the app:
If you select the "privacy policy" link from within the iOS app, the app crashes. It shouldn't be doing this, of course.
Steps to Reproduce:
1. Download and launch the Nihao Jewelry - Wholesale Online app for iOS (version 2.19.1)
2. Select the Profile option in the lower right hand corner of the screen
3. Select the "Continue with Google" option
4. From the ""Nihaojewelry" Wants to Use" option, select "Continue"
5. From the Sign in page, select "privacy policy"
Result: Selecting the "privacy policy" link on the NihaoJewelry - Wholesale Online app's Google OAuth consent screen crashes the app
Expected: The "privacy policy" link on the NihaoJewelry - Wholesale Online app's Google OAuth consent screen should work - selecting it should take the user to a valid privacy policy - it should not crash the app
Download and launch the Nihaojewelry app for iOS...
Select the "Account" option...
Select the "Continue with Google" option...
Select "Continue"
Select the "privacy policy" link...
The app will hang for a few moments and then crash...
No comments:
Post a Comment