Opendoor app for iOS: Declining the Affiliated Business Arrangement Disclosure doesn't cease account creation or stop recommendations for affiliated businesses

 iOS 16.6

Opendoor app for iOS (version 179.0.0)

Date: 09/03/2023

Description:

Here's an odd one that I haven't seen before. During the account creation process, the Opendoor app for iOS displays a to the user, and then gives the user the option to either accept or decline something referred to as the "Affiliated Business Arrangement Disclosure" which is a requirement under something known as the Real Estate Settlement Act. 

Strangely, if the user declines the prompt given to accept the disclosure terms, account creation continues - and - it appears as if the Opendoor sponsored and affiliated entities are still offered to the user. 

Hello .@Opendoor - here’s an odd issue with the app. Declining the Affiliated Business Arrangement Disclosure (a provision of RESPA) still results in account creation. I am guessing this is a bug, since the app wouldn’t function if the user opt-ed out?

Cc: .@Justindross pic.twitter.com/2XsgVz2SHA

— Robby Delaware (@RobbyDelaware) September 3, 2023

From a design point of you this is confusing! 

Steps to Reproduce:

1. Download and launch the app 

2. Select "Sign in"

3. Select "Create account"

4. From the Affiliated Business Arrangement Disclosure select "Decline"

Result: Selecting "Decline" on the Affiliated Business Arrangement Disclosure prompt does NOT stop account creation 

Expected: Selecting "Decline" on the Affiliated Business Arrangement Disclosure prompt should stop account creation 

Atmosfy app for iOS: Terms of Service and Privacy Policy links take user back to App Store

 iOS 16.6

Atmosfy app for iOS (version 4.23.0)

Date: 08/27/23

Description:

Here's a problem I have never seen before. 

Inside of the Atmosfy iOS app, the "Atmosfy Terms of Service" and "Privacy Policy" links do not take the user to a Terms of Service or a Privacy Policy. Instead they take the user back to the Apple App Store listing for the Atmosty app. 

The Terms of Service and Privacy Policy links take the user back to the App Store. 

Hello .@AtmosfyApp -

The Atmosfy Terms of Service and Privacy Policy links don’t take users to either - they just loop the user back to the App Store. The App Store links loop to the app!

This is a violation of .@AppleSupport guidelines pic.twitter.com/KvStGpCWb0

— Robby Delaware (@RobbyDelaware) August 27, 2023

Steps to Reproduce:

1. Download and launch the Atmosfy app

2. Select "Log In"

3. Select either the "Atmosfy Terms of Service" or "Privacy Policy" links

4. User is take back to App Store 

Result: The "Atmosfy Terms of Service" and "Privacy Policy" links do not take the user to either a privacy policy or a Terms of Service - instead they loop the user back to the App Store. 

Expected: These links should work  

BigLots app for iOS: XSS error from searches for plaintext

 iOS 16.6

BigLots app for iOS

Date: 08/23/23

Description:

The BigLots app for iOS as a problem with self-directed XSS. Entering the term "<plaintext>" in the search box inside of the BigLots app results in an error.

Steps to Reproduce:

1. Download and launch the BigLots app for iOS

2. Click inside the input box that says, "Search BigLots.com"

3. Enter in "<plaintext>" as a search term

4. Click on "Search" 

Result: The BigLots iOS app displays an error message if "<plaintext>" is entered as a search term - there is a problem with self-directed XSS

Expected: The BigLots iOS app should not display HTML text from a "<plaintext>" search 

Click inside the search input box and enter in "<plaintext>"

Enter in "<plaintext>"

HTML error from a self-directed XSS command. 

BigLots app for iOS: Invalid Privacy, App Support and Developer Website links in the App Store

 iOS 16.6

BigLots app for iOS

Date: 08/23/23

Description:

The BigLots! app for iOS has bad links connected to the listing for the app in the Apple App Store. 

The "Developer Website" link leads to: http://support.biglot.us/

The "Privacy Policy" link leads to: https://privacy.biglot.us/

The "App Support" link leads to: http://support.biglot.us/

These links are all not working, and as is common knowledge, Apple requires working links to a readable privacy policy in the app store listing.

Steps To Reproduce:

1. Head to the BigLots app store listing

2. Click on the "App Support", "Privacy Policy" and "Developer Website" links

Result: The "App Support", "Privacy Policy" and "Developer Website" links are not working with the BigLots app store listing 

Expected: The "App Support", "Privacy Policy" and "Developer Website" links should be working on the BigLots app store listing 

iOS 16.6: Native Mail App: Email Messages Activate inside of apps can't be dismissed - user stranded!

 iOS 16.6

Mail app for iOS 

Date: 08/22/2023

Description:

Today I came across an especially bad bug with the native iOS Mail app. I've gotten it to reproduce with multiple iPhones running 16.6.

I'm not sure how to describes but the problem is something like this: if an app activates the iPhone's native iOS Mail app, the user gets complete stuck when trying to cancel out of writing the email. The user is stuck staring at an unresponsive email message and has to force quit the app. 

This is much easier to show than to describe, so please take a look at a video of the bug:

Here’s a video of the bug. I can get this to happen 100% of the time. An extraordinarily debilitating bug with the native iOS Mail app

.@AppleSupport .@fb_engineering .@Meta https://t.co/jMTGtGnMOk pic.twitter.com/1YlLYXHMVS

— Robby Delaware (@RobbyDelaware) August 21, 2023

Steps to Reproduce:

1. Install the Native iOS Mail app and have it be the default 

2. From inside an app like Facebook, select an option to "Send Email"

3. From a generated email message select "Cancel"

4. Select "Delete Draft"

5. Select "Cancel" (nothing happens)

Result: Users are unable to dismiss ("cancel out of") email messages created by the native iOS app when these messages are shown in app 

Example: Using iOS app, select an FB page with "send email" button - from generated email message, select "cancel" 

Expected: User should always be able to exit out of an email message - an app like the Facebook iOS app should not rendered unusable by exiting out of a message 

Head to a Facebook page that has a "Send Email" option. 

Select the "Cancel" option from this email.

Select "Delete Draft"

User is completely stuck. A force quit is required to get the Facebook app working again.

Threads app for iOS: Naming Conventions: "WhatsApp" is presented as "Whatsapp"

 iOS 16.5

Threads app for iOS (version 

Date: 07/07/2023

Description:

Naming convention issue inside of the Threads app. The Threads app has an error message that looks like this:

As you can see "WhatsApp" is displayed with a lower case "a." This is an incorrect representation of the "WhatsApp" brand. 

Steps to Reproduce:

1. Enter into the app - login with IG account

2. Select the person/profile option in the bottom right hand of the screen

3. From the "Settings" page select "Follow and invite friends"

4. From the "Follow and invite friends" page select "Invite friends by WhatsApp"

5. From the ""Threads" wants to open "WhatsApp" prompt, select "Cancel"

6. Note the error message: "Couldn't open Whatsapp" 

Result: An error message inside of the Threads app displays the term "Whatsapp"

Expected: The term "Whatsapp" should not appear in the app as "WhatsApp" is recognized as "WhatsApp"

Select "Follow and invite friends"

Select "Invite friends by WhatsApp"

Select "Cancel"

Vocal app for iOS: Error Message from the Twitter Authorization Page

 iOS 16.5

Vocal app for iOS (version 1.10.1)

Date: 06/10/2023

Description:

The Twitter authorization option with the current version of Vocal does not work at the moment. The following error message is displayed:

Steps to Reproduce:

1. Download and launch the Vocal app for iOS

2. Select the "Sign In or Join Vocal" option 

3. From the "Sign In or Join Vocal" pop-up select the "Continue with Twitter" option 

4. From the "Vocal" Wants to Use" pop-up select "Continue"

5. Note the error message that states: "Internal Server Error"

Result: There Twitter authorization page that the Vocal app displays shows an error message of "Internal Server Error"

Expected: The Twitter authorization page that the Vocal app displays should either work - or the Twitter option to create a Vocal account should be removed 

See the screenshots below:

Download and launch the Vocal app for iOS

Select the "Sign in or Join Vocal" option 

Select the "Continue with Twitter" option...

Select the "Continue" option...

Error message - Twitter Authorization not working...

Internal Server Error message