iOS App 'UVLens' Apparently Hacked, Sends Out Very Inappropriate Notifications [Updated]
An iOS App Store weather app called "UVLens" this morning sent out highly inappropriate pornographic notifications to all of its users, suggesting the app may have been hacked or otherwise compromised in some way.
There are dozens of complaints from users on Twitter who received the notification, which was in no way weather related and was explicit enough to shock users who received it.
UVLens is a simple app designed to provide hourly UV forecasts for those who are concerned about their sun exposure. It is a general use app and it's quite possible that it could have been downloaded by children given its 4+ age rating.
UVLens appears to have sent out the notification to all of its users given the volume of tweets, and one person said that when she tapped the incoming notification, it tried to open a secondary window.
MacRumors was alerted to the issue by editor Mitchel Broussard, who has been using the app for more than a year. Prior to today, the app worked well and sent out no inappropriate content to users. We've never before seen reports of an app sending out notifications like this, so it's rather unusual.
Apple does not appear to have a solid reporting system in place for instances like this, as we discovered after the notifications went out. UVLens has not yet commented on the situation.
There's a "Report a Problem" website for reporting issues with recently purchased iOS apps, but it does not work with older purchased apps that suddenly go rogue. There's no report button in the App Store for individual apps, no option when 3D Touching an app on the Home screen, and no clear support path for alerting Apple about problematic apps.
We have contacted the UVLens developer, and multiple people have been sending complaints on Twitter, so the app may be removed from the App Store or fixed in the near future.
For now, customers who have installed UVLens will likely want to delete the app because it's not clear what's going on and if there has been a breach of some sort.
Update: UVLens sent out another notification, apologizing for the explicit push notification. The company says that it was not from the UVLens team and is being investigated.
Update 2: UVLens tells MacRumors that a third-party push notification service that it uses was compromised, allowing a spammer to send out inappropriate notifications through the network, including to UVLens users. UVLens says that steps were taken to prevent it from happening again and no app software was compromised.