« | Home | Recent Comments | Categories | »

RTFM 0day in iOS apps: G+, Gmail, FB Messenger, etc.

Posted on August 22nd, 2014 at 15:35 by John Sinteur in category: Apple -- Write a comment

[Quote]:

Apple’s documentation on the tel scheme is really short and easy to read. While reading the first paragraph something caught my attention:

When a user taps a telephone link in a webpage, iOS displays an alert asking if the user really wants to dial the phone number and initiates dialing if the user accepts. When a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user.

So if I click the link in Safari I get the prompt asking me to confirm my action, if I click the link in a native app’s webView it doesn’t ask and performs the action right away (makes the call).

Do people read documentation?

No. And it’s bad.

I instantly assumed people do read documentation so there was no way a big player like Facebook, Twitter, Google, LinkedIn, etc. would do such a silly mistake… but I was wrong.

  1. Nice!

previous post: What the jihadists who bought “Islam for Dummies” on Amazon tell us about radicalisation

next post: Rick Perry: It’s possible ISIS has crossed southern border