On the market for an iPhone? Here's a breakdown of all the currently shipping iPhones from Apple.
iOS App 'UVLens' Apparently Hacked, Sends Out Very Inappropriate Notifications [Updated]
An iOS App Store weather app called "UVLens" this morning sent out highly inappropriate pornographic notifications to all of its users, suggesting the app may have been hacked or otherwise compromised in some way.
There are dozens of complaints from users on Twitter who received the notification, which was in no way weather related and was explicit enough to shock users who received it.
UVLens is a simple app designed to provide hourly UV forecasts for those who are concerned about their sun exposure. It is a general use app and it's quite possible that it could have been downloaded by children given its 4+ age rating.
UVLens appears to have sent out the notification to all of its users given the volume of tweets, and one person said that when she tapped the incoming notification, it tried to open a secondary window.
MacRumors was alerted to the issue by editor Mitchel Broussard, who has been using the app for more than a year. Prior to today, the app worked well and sent out no inappropriate content to users. We've never before seen reports of an app sending out notifications like this, so it's rather unusual.
Apple does not appear to have a solid reporting system in place for instances like this, as we discovered after the notifications went out. UVLens has not yet commented on the situation.
There's a "Report a Problem" website for reporting issues with recently purchased iOS apps, but it does not work with older purchased apps that suddenly go rogue. There's no report button in the App Store for individual apps, no option when 3D Touching an app on the Home screen, and no clear support path for alerting Apple about problematic apps.
We have contacted the UVLens developer, and multiple people have been sending complaints on Twitter, so the app may be removed from the App Store or fixed in the near future.
For now, customers who have installed UVLens will likely want to delete the app because it's not clear what's going on and if there has been a breach of some sort.
Update: UVLens sent out another notification, apologizing for the explicit push notification. The company says that it was not from the UVLens team and is being investigated.
Update 2: UVLens tells MacRumors that a third-party push notification service that it uses was compromised, allowing a spammer to send out inappropriate notifications through the network, including to UVLens users. UVLens says that steps were taken to prevent it from happening again and no app software was compromised.
There are dozens of complaints from users on Twitter who received the notification, which was in no way weather related and was explicit enough to shock users who received it.
UVLens is a simple app designed to provide hourly UV forecasts for those who are concerned about their sun exposure. It is a general use app and it's quite possible that it could have been downloaded by children given its 4+ age rating.
UVLens appears to have sent out the notification to all of its users given the volume of tweets, and one person said that when she tapped the incoming notification, it tried to open a secondary window.
MacRumors was alerted to the issue by editor Mitchel Broussard, who has been using the app for more than a year. Prior to today, the app worked well and sent out no inappropriate content to users. We've never before seen reports of an app sending out notifications like this, so it's rather unusual.
Apple does not appear to have a solid reporting system in place for instances like this, as we discovered after the notifications went out. UVLens has not yet commented on the situation.
There's a "Report a Problem" website for reporting issues with recently purchased iOS apps, but it does not work with older purchased apps that suddenly go rogue. There's no report button in the App Store for individual apps, no option when 3D Touching an app on the Home screen, and no clear support path for alerting Apple about problematic apps.
We have contacted the UVLens developer, and multiple people have been sending complaints on Twitter, so the app may be removed from the App Store or fixed in the near future.
For now, customers who have installed UVLens will likely want to delete the app because it's not clear what's going on and if there has been a breach of some sort.
Update: UVLens sent out another notification, apologizing for the explicit push notification. The company says that it was not from the UVLens team and is being investigated.
Update 2: UVLens tells MacRumors that a third-party push notification service that it uses was compromised, allowing a spammer to send out inappropriate notifications through the network, including to UVLens users. UVLens says that steps were taken to prevent it from happening again and no app software was compromised.
Tag: App Store
[ 83 comments ]
Top Rated Comments
(View all)
20 weeks ago
Google just allows anything onto the Play Store... oh, wait...
Hurr durr this very likely isn't in the actual code, but the app servers themselves being hacked and sending out push notifications. The same thing could happen to literally any app.being ignorant is one thing but trying to **** all over apple because you don't know any better is ridiculous and only people that share that lovely quality will agree with you (looks like they already did)
20 weeks ago
Boss: I want our app on the front page of every tech blog by the end of the week.
Marketing team: Hold my beer.
Marketing team: Hold my beer.
20 weeks ago
I actually don't care about the news. I just wanted to know what the censored screenshot said :D
20 weeks ago
Was the app hacked or the developer? If the users are receiving the texts as the article claims, then it sounds like the developer was hacked and the user IDs they got were stolen.
If the app was hacked, I would expect the user’s contacts to be getting the obscene IMs.
The article says notifications, so likely neither. Probable situation is the developer uses a 3rd party service for managing push notifications, which basically acts as a proxy. Hijack the credentials for one of those services, and you can push arbitrary notifications for an app. It's not, by itself, a security concern, just obnoxious.
[doublepost=1567535899][/doublepost]
What's the last word?
'wet' or similar, I'd guess.
20 weeks ago
They just send out a "Sorry for that, we're investigating" notif
But also, horny weather is something I can get into
But also, horny weather is something I can get into
[ Read All Comments ]
It was a busy week of rumors as we hit the middle of January, with reports about updates to Face ID in the iPhone 12 lineup later this year, signs of a new Mac notebook coming soon, and word that...
Apple has inked a deal for a docuseries called "Dear..." that profiles famous people using an "inventive and cinematic approach" that involves letters written by people whose lives...
Amazon is no longer selling new versions of the Apple Watch Series 4 and Series 5 models through its online store in the United States, with the listings disappearing earlier today.
There is no...
Asphalt 9: Legends, a game that was ported to the Mac using Apple's Mac Catalyst tools, is now available for download from the Mac App Store.
The app was one of the titles that Apple...
Apple is expanding its presence in Germany with plans to open a new office building in Munich, Germany, according to German news site Süddeutsche Zeitung.
Located in the "Karl" office...
For this week's giveaway, we've teamed up with ColorWare to offer MacRumors readers a chance to win custom-painted AirPods Pro, available in dozens of colors.
For those unfamiliar with...
Acclaimed actress Meryl Streep is set to narrate a forthcoming animated short film about Earth Day for Apple TV+.
Getty Images
In celebration of Earth Day, which falls on April 22, the...
Speed to the rescue in Kings of the Castle, this week's addition to Apple Arcade across iPhone, iPad, and Apple TV. The colorful, family-friendly speed runner game by Frosty Pop supports one to...
