Lol, yeah I was just gonna ask: “but can you flirt back??”. ;0)
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS App 'UVLens' Apparently Hacked, Sends Out Very Inappropriate Notifications [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
Lol, yeah I was just gonna ask: “but can you flirt back??”. ;0)
has nothing to do with the store. You can pretty much send whatever notification you want to anyone who has the app you maintain installed. Hell I could send out a notification „you all suck d“ to all our customers right now if I wanted to
Meanwhile his/her partner is getting alerts about UV exposure.
If you cant fill in those blanks yourself....heaven help you.I actually don't care about the news. I just wanted to know what the censored screenshot said
I highly doubt the app was hacked. They probably use a 3rd-party push notifications service like Airship or OneSignal, and someone compromised their login for that website and sent a push notification (or, as someone else suggested, perhaps an ex-employee still had access to the 3rd party website.)
I was just about to suggest that — nothing to do with Apple, the app itself, or APNS, but likely a human failure on the developer’s end to secure whatever third-party service they may be using to send push notifications. No way that App Review could have caught this.
Almost like it’s a bad idea to make sending push notifications to your users as simple as “type message, push button” and risk leaving that unsecured. Really wish these services had an option to permanently disable that functionality — without that option, for quite a few use cases, “type message, push button” is more of an attack surface than a feature.
Last edited:
Boss: I want our app on the front page of every tech blog by the end of the week.
Marketing team: Hold my beer.
Marketing team: Hold my beer.
Is it flexible?I get messages like that every night from multiple women so I mean no big deal for me really
[doublepost=1567536108][/doublepost]
If you can't figure it out then I don't think anyone should say lol. How old are you?!
If someone bludgeoned someone else to death with an iMac, you'd blame Apple.
[doublepost=1567542160][/doublepost]
You are displaying clear gender bias.
I actually don't care about the news. I just wanted to know what the censored screenshot said
Not that hard to guess.
But But... Apple's safe, Quality and Secure Apps...
One more time. There’s no evidence the app itself was hacked. Much more likely that the vender’s system was penetrated somewhere along the line.
It doesn't matter. The App is on the App Store, costumers got effected by this situation. If it was on Play Store things would be way worse, am I right?.
But But... Apple's safe, Quality and Secure Apps...
This is a third-party app, not an Apple app. And notifications are sent by way of a server maintained by the app developer or a notification service that the app employs. Something was compromised at the notification server level, and this had nothing to do with iOS or Apple's own apps. In fact, Apple's side of it (delivering the notification) worked perfectly! But they don't vet every notification that is sent, that would be millions a minute.
But you already knew this, right?
It doesn't matter. The App is on the App Store, costumers got effected by this situation. If it was on Play Store things would be way worse, am I right?.
Yes but this app is no more vulnerable than any other app in the store that allows for notifications. It’s on the vender to secure that part of the app.
For those of you who are too stupid to figure out what it says, here it is:
"Do you want to drive me? My car is already broken."
There.
"Do you want to drive me? My car is already broken."
There.
This is reminder that just because an app comes from a reputable organization it doesn't make it automatically safe to have it on your phone. I bet most organizations have no idea what kinds of security holes exist in their apps and infrastructure. Many probably outsource the development of the app making things even worse (i.e. have absolutely no idea what is under the hood).
In this case it would be a function of whether iOS could get infected from a malicious notification. I have no idea but I'm guessing Apple is looking into it. But being careful is always good.