“This app forced me to give it a good rating before I could use it.”(twitter.com)
twitter.com
“This app forced me to give it a good rating before I could use it.”
https://twitter.com/keleftheriou/status/1397288720357679104
27 comments
Not an IOS developer, but I think they are not blocking the buttons, just asking for the review in a loop. To avoid being caught by the App Store approval process, probably this is controlled by a feature flag enabled after a call to a remote endpoint.
> I think they are not blocking the buttons
They are blocking the buttons. https://twitter.com/_inside/status/1397540108971266049
They are blocking the buttons. https://twitter.com/_inside/status/1397540108971266049
You can only present this alert 3 times a year. Also, you cannot configure it to have a rating already set. Also, when the alert is presented, it is animated. You would see the animation if it were in a loop.
Nothing like making full use of the first time then.
I can confirm this, as an iOS developer.
Very curious if this comment thread can accumulate other examples. I’d be spitting mad if it were an app that I wanted to use and I now had to claw back a fee for.
The linked Twitter account seems to be doing this full time for the last few months, worth checking out his feed.
How does this even work? The iOS pop-up should have priority over any attempts for the app to block pressing areas of the screen.
You’d think!
This is not just possible, it's actually extremely easy to do.
Hoping to share a proof of concept soon.
This is not just possible, it's actually extremely easy to do.
Hoping to share a proof of concept soon.
Any app developer tampering with this should get their app pulled out of the App Store, this is unacceptable.
Yes. And it's even more unacceptable that the system is vulnerable to this kind of tampering.
No, it’s not.
What is not?
“Even more unacceptable…”
It’s not more unacceptable for an exploit to exist than it is for the exploit to be used. One is a risk, the other is actively attempting to do harm.
It’s not more unacceptable for an exploit to exist than it is for the exploit to be used. One is a risk, the other is actively attempting to do harm.
Yes. The review dialog should be shown by the system and the app itself should have no way of tampering with it.
This should be the case for all such interactions, including permissions, image library selection etc.
I realize APIs are hard to change but this is one of the cases where I think Apple should just fix it even if it bricks well-behaved apps until they can be patched (which could be never).
This should be the case for all such interactions, including permissions, image library selection etc.
I realize APIs are hard to change but this is one of the cases where I think Apple should just fix it even if it bricks well-behaved apps until they can be patched (which could be never).
I'm surprised this alert isn't presented from SpringBoard to prevent tampering
are they putting transparent UI elements over the rating dialog and absorbing the taps? that's happened before in other platforms. not mobiles, but web browsers.
Yes but even Microsoft got the UAC dialog right...no user mode program can hijack it. For a company like Apple, this is laughably bad.
Can you describe it in words before the proof?
Someone send this to the Epic lawyers. Although I feel like Epic already has enough evidence of how robust Apple's app store review process it.
From https://twitter.com/_inside/status/1397540108971266049