Monday, January 21, 2019

Bartels Giant Burger App for iOS - vulnerable to a self-directed Cross-Site Scripting error

Bartels Giant Burger app for iOS
Date: 1/22/2019

Description:

The Bartels Giant Burger app is vulnerable to a self-directed cross-site scripting (XSS) error. It occurs after the user enters a term like "<plaintext>" into the location search box.

I would assume that a number of other XSS errors can be triggered in this box.

This is easier to show than it is to describe, so please see the attached video:



Steps to Reproduce:
1. Download the Bartels Giant Burger app
2. Launch the app
3. Select "Locations" from the sidebar
4. From the "Find Your Store" screen, click inside the "Zip or City, State" input box
5. Enter "<plaintext>" and run a search

Result: A search of "<plaintext>" in the "Find Your Store" location box of the Bartels Giant Burger app results in an XSS error

Expected: A search of "<plaintext>" in the "Find Your Store" location box in the Bartels Giant Burger app should not result in an XSS error
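As an added illustration (not code from the app or from this post), the pattern behind this kind of error when a search results view is built as HTML: the vulnerable string concatenation beside a version that escapes the term first. The function names, the template and the assumption that the results are rendered as HTML in a web view are mine.

```javascript
// Added example: how a search term like "<plaintext>" becomes markup when a
// results view is assembled by string concatenation, and the escaping fix.
// The function names and the page template are assumptions, not the app's code.

// Vulnerable: the raw term is spliced into HTML, so "<plaintext>" (or any
// other tag) is parsed as markup by the web view instead of being shown as text.
function renderResultsUnsafe(term) {
  return '<h2>Results for: ' + term + '</h2>';
}

// The five characters that can change HTML structure or break out of an
// attribute value; everything else is safe as character data.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: the term is escaped at the point it is placed into HTML, so the
// search string is displayed literally.
function renderResultsSafe(term) {
  return '<h2>Results for: ' + escapeHtml(term) + '</h2>';
}

// Regression check: does the rendered output contain any tag name that is not
// part of the template? Returns true when user input has become markup.
function containsForeignTag(html, allowedTagNames) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some(
    (t) => !allowedTagNames.includes(t.replace(/^<\/?/, '').toLowerCase())
  );
}

// Constructed sample input, taken from the report above.
const SAMPLE_TERM = '<plaintext>';
```

With `SAMPLE_TERM`, `containsForeignTag(renderResultsUnsafe(SAMPLE_TERM), ['h2'])` is true and the same check on `renderResultsSafe` is false, which is the behaviour the report's "Expected" line asks for.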

Monday, January 7, 2019

W.W. Grainger, Inc. For iPad App - Single Space Searches Crash the App

W.W. Grainger App for iOS (version 5.20.0)
Date: 01/07/2019

Description:

The W.W. Grainger, Inc. app for iOS will crash if the user runs a search for a single space in the location search bar. This is easier to show than it is to describe, so please take a look at a video of the crash:


Steps to Reproduce:

1. Download and launch the W.W. Grainger App for iOS
2. Select "Branches" (after declining location access)
3. Click inside the "Enter city, state, ZIP or country" input box
4. Press the spacebar once
5. Click on "Search"

Result: Running a search for a single space (one press of the spacebar) crashes the app

Expected: Running a search for a single space should not crash the app


Saturday, January 5, 2019

Chewy app for iPad - The "Forgot your password?" link doesn't seem to work on the Account page

Chewy app for iOS (version 3.0.1)
Date: 01/05/2019

Description:

The "Forgot your password?" link on the Account page for the iOS app isn't working for me. During regular use, I went back to this area, after being logged out of my account. From the "Account" page, the "Forgot your password?" link does not work. It works in other areas of the app, but not from here.


Steps to reproduce:

1. Download and launch the Chewy app
2. Select the "Account" icon in the bottom right of the screen
3. Select any option under "My Info" (My Pets, Order History, Payment Methods, Addresses)
4. Click on "Forgot your password?"

Result: The "Forgot your password?" link is not working for me on the Account page of the iOS app

Expected: The "Forgot your password?" link should work


Sunday, December 23, 2018

Pocket App for iOS - Can't seem to dismiss the "Legal & Privacy" pop up

Pocket app for iOS (version 7.0.10)
Date: 12/23/2018

Description:

I cannot seem to dismiss the "Legal & Privacy" pop up. I wasn't able to dismiss it on either my iPad Mini or an iPhone.

This is easier to show than it is to describe, so please take a look at the embedded tweet below:



Steps to reproduce:
1. Download the Pocket app for iOS (version 7.0.10)
2. Launch the app - Create a new account
3. Head to the "Profile" page
4. Select the gear for settings in the upper right
5. From the "Options" pop up, scroll down and select "Legal & Privacy"
6. Press "Back" to try to back out of the "Pocket: Legal" pop up

Result: I seemingly can't back out of the "Pocket: Legal" pop up on either my iPad Mini or an iPhone

Expected: I should be able to back out of the "Pocket: Legal" pop up (the "Back" button should work)

Sunday, December 16, 2018

Flora - Build Better Habits App - Automatically has read access to the camera roll

Flora - Build Better Habits app for iOS (version 1.02)
Date: 12/17/18

Description:

The Flora - Build Better Habits app for iOS appears to have full access to the camera roll without asking for permission. I don't believe this is allowed, and I believe a dialog message requesting access is required. I know that there is an exemption for profile photos, but the Flora app accesses the complete camera roll without any message from other areas of the app.

Specifically, the app accesses the camera roll from the "Connect" screen, after the user clicks inside the "What do you want to say?" input box and then clicks the camera icon. After doing this, the app appears to have full access to the camera roll without having displayed a permissions prompt.

This is easier to show than it is to describe, so please see the attached screenshots.

Steps to Reproduce:

1. Download and launch the Flora - Build Better Habits app for iOS
2. Create a brand new account
3. Select the message dialog image on the bottom of the screen
4. From the "connect" screen, click inside the "What do you want to say?" input box
5. From the keyboard, select the camera icon

Result: The Flora - Build Better Habits app for iOS appears to have access to the camera roll by default. There is no permission message when the app first accesses the camera roll

Expected: The Flora - Build Better Habits app for iOS should display a permission message before accessing the camera roll

Create a new account...

Click on the messages icon...

Click inside of "What do you want to say?"

Click on the camera icon...

Access to the camera roll is granted (where was the permissions message?)

If the app has read access, why isn't it listed here?


Sunday, December 9, 2018

TeachX Mobile App - No User Permission Prompt When Accessing the Camera Roll

TeachX Mobile app for iOS (version 1.0.4)
Date: 12/10/2018

Description:

The TeachX app does not prompt the user for permission to access the camera roll. This happens if the user selects the camera or camera roll option from the messages area.

While I believe that this is allowed for profile pictures, I do not believe that this is allowed in any other area of an app.

This is easier to show than it is to describe, so please see the attached screenshots.

Steps to Reproduce:

1. Download and launch the TeachX Mobile app
2. Create an account - approve the EULA
3. Once inside the app, select "Messages"
4. Click on the top right hand of the screen for a "New Message"
5. Enter a letter and choose any person
6. Click on the button below the garbage can
7. Select either the camera or camera roll option

Result: The TeachX Mobile app opens and has access to the camera roll without a permission prompt to the user

Expected: The TeachX Mobile app should display a permission prompt to the user before accessing the camera roll

As you can see, no access is indicated on the permissions screen.

Select the Messages option, and send a message. I sent one to myself, so as to not bother regular users...

Click the option in the bottom left hand corner of the screen. Select either the camera icon, or the camera roll icon...

Access to the camera roll without read permission being asked for or granted.


Bennett's Mill Middle School App - Un-muting the "Volunteer Mandated Reporter Training Video" crashes the app

Bennett's Mill Middle School App for iOS (version 1.0.7)
Date: 12/09/2018

Description:

The Bennett's Mill Middle School App crashed repeatedly (7+ times) on my iPad Mini when I went in to view the "Volunteer Mandated Reporter Training Video".

This video starts with the audio off by default. It also immediately enters full screen by default. If you exit full screen and then tap the un-mute pop up, the app crashes frequently.



Steps to Reproduce:

1. Launch the Bennett's Mill Middle School app
2. Select the side bar slider
3. Select "Parent Resources"
4. Select "Volunteer Training"
5. Select "View this Video"
6. From the "Volunteer Mandated Reporter Training Video" (with that text on screen) exit out of the full screen mode
7. Toggle the un-mute option

Result: The app frequently crashes if you un-mute the audio on the "Volunteer Mandated Reporter Training Video" that is linked through the "Volunteer Training" portion of the "Parent Resources" section of the app

Expected: The Bennett's Mill Middle School app shouldn't crash if you un-mute the audio on the "Volunteer Mandated Reporter Training Video"

NOTE: I know this could be a YouTube problem, but I frequently do this (exit out of full screen, un-mute videos, etc.) and had not seen this happen often until I tried with the Bennett's Mill Middle School App