Bug in iOS API allows developers to force users to give apps a good rating

Cal Jeffrey

Posts: 3,581   +1,075
Staff member
Facepalm: What is the best way to make sure your app has a five-star rating? Make a killer app? Nope. Shady developers have discovered an iOS flaw that allows them to create apps that will not open unless the user gives it a five-star rating on the App Store.

Self-proclaimed "Professional AppStore critic" Kosta Eleftheriou spotted an app ("UPNP Xtreme") that uses this bug. He tweeted a demo video showing it in action (below).

Upon launch, it presents an App Store rating popup. However, users cannot cancel the dialog box, and it will not close until the user submits a five-star rating. He said this particular app has over 15 million downloads and has generated millions of dollars in revenue. He claims Apple allows bugs like this because of its 15- to 30-percent cut.

"This trick is EXTREMELY easy for any developer to do, and not limited to this app," Eleftheriou tweeted.

Eleftheriou claims that the popup isn't just a fake review prompt. It's the actual review API that Apple has available to developers but is programmed in such a way to exhibit this behavior. Guilherme Rambo, another app developer, broke down the code showing how it works (below).

This app is not the only scammy software Eleftheriou has uncovered. In the last several months, he has found numerous app scams that he claims have made millions of dollars in revenue. Eleftheriou has made it his mission to sniff out these types of apps because of his long-standing feud with the Cupertino tech giant over his Apple Watch keyboard FlickType.

The App Store initially rejected FlickType, and Eleftheriou went through a lengthy appeals process to finally get it accepted. He claims Apple denied FlickType because it had its own keyboard technology in the works and did not want a competing app. Even though the App Store finally approved FlickType, Eleftheriou filed an antitrust lawsuit against Apple earlier this year.

Editor's note: Before we could hit publish on this article, Apple had already removed UPNP Xtreme from the App Store.

Image credit: 9to5Mac

 

psycros

Posts: 4,340   +6,348
If it can be proved that Apple allows this kind of criminality then they deserve to pay a price. Otherwise all critics can really say is that Apple was careless with their API.
 

hahahanoobs

Posts: 4,601   +2,563
It's bad enough asking for a rating after using an app for 5mins. Those people can enjoy my 1 star rating when that happens. People that have no common sense should be punished for it.

While I'm at it, I can't stand being asked to subscribe to YouTube channels in the first 2mins. That gets you a dislike even if I like it. Ask me at the end.
 

m4a4

Posts: 3,017   +3,967
TechSpot Elite
If it can be proved that Apple allows this kind of criminality then they deserve to pay a price. Otherwise all critics can really say is that Apple was careless with their API.
They removed the app when the news broke, so I’d say they’re pretty proactive.
They review all app submissions and updates before they can go on the store. So either they knew (and didn't care), or their walled garden isn't as perfect as they try so hard to portray (as they missed something so obvious)...
 

brucek

Posts: 1,212   +1,764
They review all app submissions and updates before they can go on the store. So either they knew (and didn't care), or their walled garden isn't as perfect as they try so hard to portray (as they missed something so obvious)...
I wouldn't be shocked if a developer willing to do this scam also included a little more trickery to make it harder to spot in review: maybe it only triggers some of the time, or outside of work hours, or not in Sunnyvale, or only after a certain date, etc etc.

But yes, bottom line, Apple has/had an issue here and their garden is not perfect.
 

CommonSenseTech

Posts: 103   +94
They review all app submissions and updates before they can go on the store. So either they knew (and didn't care), or their walled garden isn't as perfect as they try so hard to portray (as they missed something so obvious)...
“I found the 1 in 1.3 million apps that is a problem so that means the App Store model totally doesn’t work.”

Doesn’t work that way, sorry. The standard isn’t perfection, the standard is “substantially better than Google and Microsoft,” and Apple’s rocking it by that metric.
 

m4a4

Posts: 3,017   +3,967
TechSpot Elite
I wouldn't be shocked if a developer willing to do this scam also included a little more trickery to make it harder to spot in review: maybe it only triggers some of the time, or outside of work hours, or not in Sunnyvale, or only after a certain date, etc etc.

But yes, bottom line, Apple has/had an issue here and their garden is not perfect.
It could be the case. But that would pretty much guarantee getting banned from the App Store (from what I can tell). I don't know if the developer would value their account enough to avoid that.
 

m4a4

Posts: 3,017   +3,967
TechSpot Elite
“I found the 1 in 1.3 million apps that is a problem so that means the App Store model totally doesn’t work.”

Doesn’t work that way, sorry. The standard isn’t perfection, the standard is “substantially better than Google and Microsoft,” and Apple’s rocking it by that metric.
That's not close to what I said. Don't be a fanboy here using logical fallacies.

But considering how uptight and thorough Apple app reviews can be and have been, they're the ones who put themselves in a position as having such high standards. With such a reputation, something shouldn't need media attention when they already review apps with a fine tooth comb...
 

Cal Jeffrey

Posts: 3,581   +1,075
Staff member
I wouldn't be shocked if a developer willing to do this scam also included a little more trickery to make it harder to spot in review: maybe it only triggers some of the time, or outside of work hours, or not in Sunnyvale, or only after a certain date, etc etc.

But yes, bottom line, Apple has/had an issue here and their garden is not perfect.
Yeah. I was just scrolling through the Twitter feed and saw that it indeed does work as intended for some people. The speculation was that it has something to do with screen size. The way Rambo was describing it, it does sound like the developer used an invisible object to mask the 1, 2, 3, 4 stars and the dismiss buttons to make them inoperable. Theoretically, if the object was statically placed, it might be in different positions on different-sized iPhones.
 

CommonSenseTech

Posts: 103   +94
That's not close to what I said. Don't be a fanboy here using logical fallacies.

But considering how uptight and thorough Apple app reviews can be and have been, they're the ones who put themselves in a position as having such high standards. With such a reputation, something shouldn't need media attention when they already review apps with a fine tooth comb...
One in 1.3 million is a rounding error.
 

m4a4

Posts: 3,017   +3,967
TechSpot Elite
One in 1.3 million is a rounding error.
Wait, you honestly think only 1 in 1.3 million apps have a problem like this? You've been drinking too much of the koolaid to think Apple doesn't have more problems (seen or unseen) in their App Store. It even says in the article that they've been finding numerous app scams lol