Skip to main content

Unscrupulous website adverts again redirecting some users to App Store from Safari

[youtube https://www.youtube.com/watch?v=MucM1Cwe3t8]

Update: Some of the websites shown in the video cannot be explained by the hypothesis posted below about adverts redirecting to the App Store. The large amount of corroboration by readers about this happening to them suggests there is a mechanism, somewhere along the line, causing a real problem.

Website advertisement companies have found a way to circumvent the protections introduced in iOS 8 to stop users from being kicked to the App Store because of certain cleverly-coded JavaScript advertisements.

I am now experiencing this myself, and it makes browsing on the iPhone unusable. Browsing to websites such as Reddit and Reuters and others now automatically open the App Store. In many cases, there is no way for me to read the actual content on the pages. You can see this happen in the video above.

This flared up as a serious issue last year, when users found they were being taken to random App Store pages without granting any kind of permission…

In iOS 8 beta 2, Apple supposedly had remedied the issue: “Safari now blocks ads from automatically redirecting to the App Store without user interaction.”. However, it seems that ad companies have now managed to work around these safeguards.

The video above, which shows redirects happening on ten popular websites, is using an iPhone running iOS 8.3 beta 3 and an iPad running 8.2. For some sites, like Reddit, the website content doesn’t even load — I just get instantly kicked to the App Store for a betting app and such. In other cases, the website fully loads but then the redirect fires a few seconds afterwards. The issue is much more wide-reaching than just these ten; these are just the ones I encountered myself today.

It’s unclear why this has started happening to me (it wasn’t happening yesterday and not everyone experiences it), but Twitter searches show that is also affecting others. It’s basically impossible for me to browse the web on my phone due to this. Using alternate browsers has no effect. Disabling JavaScript stops this from happening, but that isn’t really feasible as many websites rely on JavaScript to function, so it doesn’t really count as a reasonable solution.

This is Apple’s problem to fix, not an attack on the websites shown. All of these websites use third-party networks that are outside of their control — it’s not their decision to cause the redirections. We’ve reached out to Apple for comment on the issue.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. lmabe10 - 9 years ago

    I knew this post had to be written by one of the Bens from the use of the word “adverts” in the title!

  2. Yariv Nissim - 9 years ago

    Those websites chose to cover themselves with ads, they have a their share in the blame

    • Sixcolors does not cover themselves in ads, not at all. Quite the contrary actually. Which is even more curious as to how that particular site is booting him and others into the App store. Very odd.

    • thickmcrunfast1 - 9 years ago

      Agreed. When the author claimed that an ad network is outside a site’s control I laughed. That’s a ludicrous statement.

  3. TechSHIZZLE.com - 9 years ago

    No issue here on 8.3b3.

    • Eric Wafford - 9 years ago

      Same here on 8.2, went to every single one of the sites in the vid, even refreshed a few times… nothing.

    • capdorf - 9 years ago

      Happens to me, but not every occasion. I wondered that it started again recently.

  4. miketony - 9 years ago

    My iPhone 6+ has been doing this for a couple months but got a lot worse after installing 8.2.

  5. RP - 9 years ago

    Happens way too much. I went with Apple to try and avoid the Windows and Android type of slime. Not even a walled garden approach can stop it.

    • iSRS - 9 years ago

      Some people wonder why I go into defense mode at times. It is because of articles like this. Can Apple do something about it? Yes. Are they responsible for the problems? No. Is the offending website? Not directly, but I would argue they are more responsible than Apple. They are the ones using an ad service that is either knowingly allowing this kind of hijacking to occur, in which case, they should switch ad provider, or they need to work with their ad provider to get rid of the offending ads.

      • RP - 9 years ago

        To be fair this happens on Android, and I stopped visiting sites that allowed this on Android. Then I got fed up and gave up on Android altogether. What other options are there to the consumer? Just live with it?
        I am not blaming Apple for this crap, they do not create this, but the difference between Android and iOS are slowly shrinking.

  6. Randy March - 9 years ago

    Apple should disable automatic switching to the App Store altogether. “User interaction” can be faked and includes just scrolling. Websites can never be trusted, unlike apps which have some kind of oversight, and should therefore not be allowed to affect user experience so negatively.

    If the website attempts to open an iTunes URL, Safari should ask once for permission and then block such redirection requests in that tab until the user goes to another website by manually entering a URL or through a bookmark. I don’t see how bypassing would become possible.

    Safari preferences should have an option for disabling App Store redirections (and possibly to other apps as well) altogether.

    • moarlogins - 9 years ago

      Apple *does* disable automatic switching. A dialog box comes up that says something like ‘this app is trying to open the App Store, do you want to continue?” and you have a chance to cancel out. I see it all the time.

      • Paul Beasi - 9 years ago

        I find that sometimes I get that dialog box, but just as often I don’t. For a while it had stopped completely, but now it’s back.

      • sigivald - 9 years ago

        They try to, but plainly not well enough, since I’ve also seen App Store pop up without that dialog.

  7. moarlogins - 9 years ago

    Are you sure this isn’t some kind of man-in-the-middle attack? Sixcolors (and maybe other in this video) use ads from The Deck and I can’t believe they are running ads with sneaky Java tricks to direct to the app store. Why would it only affect some people if it was code in the ad?

    • Daniel (@dgp1) - 9 years ago

      Probably some advertisers are slimy and others aren’t. The network(s) has both good and bad ads. Some people are seeing ads for the slimy advertisers, and you’re getting ads from other advertisers who aren’t evil.

      • moarlogins - 9 years ago

        The Deck is categorically not a slimy advertiser and don’t accept ads from such, so there’s more to this than meets the eye. Six Colors and anything running Deck ads don’t do this on most devices.

  8. GeniusUnleashed - 9 years ago

    Hyperbolic much? “UNUSABLE!!!!!!!!!!” waaaaaaaaaahhhh. Or just don’t use Safari. I’m pretty sure your iPhone is still usable.

    • Scott Buscemi - 9 years ago

      You’re holding it wrong.

      • moarlogins - 9 years ago

        hahahaha
        A zinger straight from 2010. You’re so funny.

    • Kip Beatty (@kipb) - 9 years ago

      You might learn to read, or read more carefully, before commenting. He didn’t say “my iPhone is unusable”. He said the exploit “makes browsing on the iPhone unusable” and I’d say that’s a fair claim based on the video. I’ve had this happen to me a couple of times, and it’s a real pain in the ass. If it was happening to me as frequently as it’s happening in the video, I’d no longer be able to browse with my iPhone.

  9. iSRS - 9 years ago

    This extends beyond Apple/iOS. It is a form of hijacking. Happens occasionally on a few other websites. Was happening to a Disney forum I go to a few months back.

    The problem is the ad provider. More likely than not, not even them, but some ad user that is violating the terms they have with an ad provider.

    Can Apple do something about it? Absolutely, as evidenced by the “fix” they did before.

    But to say the offending websites have no control is false. They can report it to the ad provider they use. And hold them accountable.

  10. Tim LeVier - 9 years ago

    Why only “some” users? What is unique about you that you get redirected? Why don’t I get redirected at all? I’m on the latest release on a 6+. Maybe it’s an app that you have installed on your device that’s corrupting your safari experience? Maybe it only does it on Wifi?

    • iSRS - 9 years ago

      Your question answers the riddle. It is just some users because it is only certain ads. If you don’t get that ad, you won’t be redirected. Which, again, points to it being an ad issue.

  11. iSRS - 9 years ago

    Anyone able to reproduce since this article went up? Guessing if not that the affected sites may have done something, or the ad network.

  12. “Some people wonder why I go into defense mode at times. It is because of articles like this. Can Apple do something about it? Yes. Are they responsible for the problems? No. Is the offending website? Not directly, but I would argue they are more responsible than Apple. They are the ones using an ad service that is either knowingly allowing this kind of hijacking to occur, in which case, they should switch ad provider, or they need to work with their ad provider to get rid of the offending ads.”

    Totally agree. Stop blame Apple for everything. This is so stupid.

    • joelwrose (@joelwrose) - 9 years ago

      This is a complex issue, but its really in Apple’s wheelhouse to fix. The fault lies with the advertisers and the ad networks. The ad network could (and may) have something in their terms of use that this is not allowed and ban accounts for doing so, but those are likely going to have to rely on people reporting it to the ad network. I doubt many users go through that trouble to do so. Even if they did, some would always get through, even for a short time. The website operators are never going to be on the front of the curve as to what is and isn’t going on with 3rd party ads that are coming onto their site. You could blame them, but they can’t do much to fix it. They could switch ad networks, but I’m sure most people running these sites have no idea or guarantee that switching ad networks will fix it- who’s to say the next ad network they choose could do the same thing?

      That brings us to Apple. Since they make the hardware and software that’s being affected, the best approach is for them to resolve it and shut it down. Is it their fault? No. Do they have to fix it so user experience isn’t interrupted? Yes.

      This is very similar to when an exploit for an OS crops up. (In many circumstances) You can’t blame Apple or Microsoft for not fixing something before its a problem in their OS, but once someone finds a way to use it in a bad way, they have to resolve it.

      • iSRS - 9 years ago

        This type of attack is not limited to Apple nor mobile. It is the advertisements and those owners.

        Again, as demonstrated previously, Apple can do something to fix, but it will just find a new way around it

  13. Mark Wickens - 9 years ago

    “All of these websites use third-party networks that are outside of their control”

    It’s not out of their control whether they continue to deal with third-party networks that allow these malicious ads.

    • moarlogins - 9 years ago

      It’s not the third-party ad networks either. Jason Snell checked with The Deck and they categorically state that they don’t have ads doing this.
      Much more likely is a router hijack on the wifi network @bzamayo is using, but much better for him to write a sensationalist piece like this.

  14. This was also happening to me constantly, but I reset my router to factory settings and it went away. I notices my DNS settings were changed.

  15. chiefted - 9 years ago

    Ditto on the non issue here (went to sites, refreshed, even closed out everything and rebooted my phone).

  16. pnhawaii - 9 years ago

    Have you tried to remove all of your cookies and browsing data in your iPhone’s safari settings? I’m using iOS 8.3 public beta 1 and my iPhone works perfectly fine.
    Hope you can get rid of it, good luck!

  17. André Baron (@abaron) - 9 years ago

    So the problem with lies with Apple because someone has found a way to circumvent previously created protections against this?

    What about the Ad Networks who are serving this junk? Furthermore, these ad networks seem not care about this, flash ads and ads that put banners on the bottom of mobile screens.

    I think the responsibility here lies with the ad network cleaning up their product. They need to be securing the stuff they are sending, no matter what.

    Apple can close this loophole, again, and they’ll find something else. I’d love to see a link on the app store page for an app that says something like “Report this app for an App Store Redirect.” If the apps themselves start to get pulled because of this they’ll demand their advertisers fix things.

  18. Paul Beasi - 9 years ago

    Happens to me constantly. My friend also got a redirect today to a page that was an obvious scam that put up an unremovable dialog box with a fake “You need to call Apple” tech support message. We had to wipe her browsing history to resolve it as it just would not go away with relaunches or reboots and the tab could not be closed.

    Is there a way to launch Safari WITHOUT restoring the previous session?

    • I had to disable JavaScript in Safari to stop the dialog from opening. Disabling JavaScript prevents the code from running and you can close the window where it is running. Very annoying though.

      • Paul Beasi - 9 years ago

        I can’t believe I didn’t think of that, thanks!

    • Matt Gillette - 9 years ago

      Hold down shift while launching safari and it won’t open the previous windows.

  19. Kevitivity (@Kevitivity) - 9 years ago

    We run Privoxy on a home server to have all ads removed from our iOS devices. It’s become a must have in our opinion.

  20. silverhawk1 - 9 years ago

    Try using AdBlock for iOS. It’s been updated and works very well.

  21. Shane - 9 years ago

    Solution seems simple to me. If a company uses those ads, all of their apps should be removed from the store.

    • Daniel (@dgp1) - 9 years ago

      That would work great once, but after that, who’s to stop you from buying a force-redirect ad pointing to your competitor’s app?

      This is the same reason why Google can’t do too much about people having spammy inbound links. You can’t control who links to you, so people can abuse a rule to get you in trouble, and it would be hard to prove whether you were behind it or being ‘framed.’

  22. – Are you on a VPN or any kind of proxy?
    – Is the WiFi network yours?
    – Does it happen on cellular?
    – With cookies off?
    – Have you tried sniffing the http requests/responses and figuring out where exactly is happening?

    It should be straightforward to narrow down exactly whats happening here.

    • moarlogins - 9 years ago

      It is straightforward and it would yield a much more useful article if @bzamayo tracked down the problem and detailed how to fix it. Unfortunately in the page-hit driven world he writes for (have you seen all the AdChoices ads on the page?) it’s much more lucrative to write an erroneous piece with a sensational headline and blame Apple. The true tech reporters who understand what might be going on here such as Jason Snell, John Gruber etc will link to the piece because it is so wrong and accuses the ad network they use, driving masses more traffic here. Job done as far as 9to5Mac is concerned.
      They have no incentive to actually figure out if their router has been hijacked or correct the story.

  23. bc2009a - 9 years ago

    This has NEVER happened to me and even when I test the websites from this video it does not happen. I am guessing that something has been hijacked in the network route here (perhaps DNS). Check your router DNS — check if your ISP is doing some unscrupulous things. Make sure you are running the latest iOS (though I am running 8.2, this never happened under 8.1).

    Something else is awry here if this is happening because many of us cannot replicate this issue and have never seen this issue.

  24. Pete Garza - 9 years ago

    Hmm no problems here 8.1.2.

  25. Adam Ottke - 9 years ago

    I’m just throwing this out there….but maybe Private Browsing helps??? I like having my bookmarks and all that synced to my phone from my computer, but I don’t want my phone’s history changing what my computer’s history is so the recent sites on my computer stay the same. So I always have private browsing on for my phone… And I’ve NEVER had this issue. Just thinking aloud (iPhone 6, latest iOS 8 update whatever it just was…8.2?).

  26. herewegoagain7 - 9 years ago

    If this is “Apple’s problem to fix” then why doesn’t it happen on all devices? Does this happen on every single network you use as well as on LTE? There are WAY too many unanswered questions in this article for you to go pointing fingers to what you think the root of the problem is…and I heavily doubt it’s Apple’s to fix.

  27. standardpull - 9 years ago

    “This is Apple’s problem to fix, not an attack on the websites shown. All of these websites use third-party networks that are outside of their control — it’s not their decision to cause the redirections. We’ve reached out to Apple for comment on the issue.”

    The fact that advertising partners of Reddit and Reuters pages are injecting garbage (malware, annoyances, hate speech, porn, etc) into their content is exclusively the responsibility of Reddit and Reuters, who are obligated to take corrective action.

    That’s not to say that Apple must also change their code. But Reddit and Reuters must be held fully responsible for the content that is embedded in their markup.

    In short, this is NOT a complex problem: if a web site’s ad partners are both untrustworthy and doing the wrong thing, then the web site is obligated to eliminate them as partners IMMEDIATELY.

  28. Kimberly Jeans - 9 years ago

    I haven’t noticed one way or the other since installing Public Beta 8.3 on my iPad mini. But on my iPhone 6 running 8.2, it is becoming more frequent again. It had almost stopped for a long while, but I’ve noticed that it’s becoming an issue again.

  29. Chuck Quast (@quastdog) - 9 years ago

    Redirects to the App Store aren’t so bad. Here in Thailand, I get the same automatic redirects to Russian porn sites. My wife isn’t thrilled when these come up on her iPhone or iPad.

  30. Roger Williams - 9 years ago

    This has been happening in Chrome on iOS as well. Salon.com is a major offender sending me to Candy Crush on the App Store almost non stop.

  31. docwallaby - 9 years ago

    I hate when this happens. One of many reasons I stopped going to what had been my go-to Apple news source over the last few years: the site constantly redirects me to the App Store thanks to the site owners’ wall of advertisements. That, combined with their abrasive attitudes, forcing their political agenda on readers, and blatant classism made it an easy decision to step away.

    Hopefully Apple does something about it in a future update, because Lord knows the websites and ad-pushers aren’t going to change.

  32. thickmcrunfast1 - 9 years ago

    Sorry. The minute you claimed that the ad networks are outside the website’s control you lost me. That’s a logical fallacy. They don’t have to use a particular ad network if it is known to illegally hijack web browsing.

    • moarlogins - 9 years ago

      The thing is, at least one of the sites uses an ad network known to be very careful and thorough about not only the ads they run but the websites they serve too (The Deck). They have checked following the publication of this story and this is not coming from them (I have no affiliation to The Deck) but there has been no further checking by 9to5Mac. It’s most likely a DNS hijack on their router.

  33. philboogie - 9 years ago

    For those only reading 9to5, not a problem ¡

  34. prius3 - 9 years ago

    This happens also in some apps.
    Not only you see the ad banners – they annoy you also redirecting you to the App Store without you being able to do anything about it.
    It makes some of the apps almost unusable. Let alone this problem with browsing.
    Apple needs to fix this. Fast.
    (iPhone 6 running 8.2)

  35. Michael Anderson - 9 years ago

    “This is Apple’s problem to fix, not an attack on the websites shown.”

    The most reliable way to fix it would be to include an ad blocking option in Safari, and to enable it by default. As a consumer I’d love that, but I’m guessing that 9to5mac would not feel the same way.

    • Timo Roivas - 9 years ago

      Google and or Apple problem…
      I did a test, because this happened to my website I thought I have been hacked. Every visit to my webpage where redirected. I started to remove all 3-part code. the solution was to remove google analytics….after that no redirects. I reported this to Google they told me to contact Apple, but they will pass this to their own technicians too.

  36. I’ve seen this happen before and it’s very annoying. But I systematically tried all of the websites in your video, and absolutely none of them redirected me (running Safari on iPhone 6 with iOS 8.2).

    “All of these websites use third-party networks that are outside of their control…” – this is just so patently false. Websites choose to use these scammy ad networks and should bare some of the responsibility.

  37. having this problem right now. how can i fix it?

  38. Timo Roivas - 9 years ago

    Google and or Apple problem…
    I did a test, because this happened to my website I thought I have been hacked. Every visit to my webpage where redirected. I started to remove all 3-part code. the solution was to remove google analytics….after that no redirects. I reported this to Google they told me to contact Apple, but they will pass this to their own technicians too.

  39. fuzzygruf (@fuzzygruf) - 9 years ago

    I’ve been having this problem sporadically. Today I updated to 8.2, and then Safari wouldn’t even give me a chance to click on any window. It would just redirect me to the app store. The google told me that I could close all Safari windows at once by hitting “Private.” Unfortunately, I couldn’t hit “Private,” because I was being redirected to the app store too quickly.
    Solution?I turned off wifi. That let me open Safari and hit “Private” to close all Safari windows. Problem solved… at least until I open one of those websites again.

  40. Frank Berger - 9 years ago

    Easy Fix: have apple take down any app in the Appstore that chooses to advertise this way. The Problem will be gone in a few days time. There are too many crap apps on there anyway

  41. texides - 9 years ago

    I had a similar problem. My problem wasn’t that I was being kicked to the app store, it was that I was being kicked to the app itself. For example, every time I tried to go to the YouTube website, it would take me to the actual YouTube app. This was very annoying indeed.

    I tried everything: clearing my website data, restarting my device, I even tried disabling java script… but nothing worked. However, I’ve found a way to fix the problem.

    First, find the settings app on your device then tap general.
    Next, tap accessibility.
    Then, once you’re inside the accessibility features menu, scroll down and tap guided access.
    After that, toggle the guided access and the accessibility shortcut switch to on.
    Finally, in safari, click the home button 3 times. It will ask you to type a passcode. Just type your desired passcode twice, then tap start.

    To come out of guided access, click the home button 3 times, then type the passcode you specified.

  42. Selah Fairport - 9 years ago

    Just recently started to happen to me on iPhone 6 running 8.3 and 8.4, but only on wifi. If I switch wifi or java script off, the redirects stop. Strange thing is, it doesn’t happen to iPad also running 8.3 or 8.4 on the exact same wifi. So far the one website this keeps happening to me on is ace.mu.nu. The websites in your video seem to not redirect me.

    • techsiege - 9 years ago

      I tried turning off JavaScript, but I was virtually unable to access the internet. This is because some websites actually require JavaScript to function. I also tried changing www. to m. For example, if the URL of the website is

      http://www.redirectedsite.com

      , try changing it by deleting the www and replacing it with m. Now the URL should be

      m.redirectedsite.com

      . The only problem with doing this is it presents you with the mobile version of the website you’re trying to access, rather than the desktop version. This means you might not be able to access certain features of the website.

    • Jim - 9 years ago

      Just started happening to me but only from the UK National Railway Enquiries app – the free version with ads. Not found it happening with Safari. It makes the app unusable so deleted it and trying a different one.

  43. jamesfegel - 9 years ago

    I find this consistently on any site that uses Google for advertising I can find it in their site. I can find the language to do it when I click “save page” in a full browser and view the file from googleads “ads”.
    I could not at all see Mac removing this nuisance… they get a commission every time someone clicks “buy”. They would lose money preventing advertisers from sending visitors to the itunes store

  44. allison1620 - 8 years ago

    Okay so skimming through your comments and trying to understand them, and I admit I probably shouldn’t own an iPhone (5s) but it was a free upgrade and I am pretty technology illiterate, but are you saying my phone wasn’t hijacked and I don’t have a virus? Because I have this exact problem when I go to webmd’s website. So I should basically stop going to their website? I don’t have their apps. Thank you for your help!!!

Author

Avatar for Benjamin Mayo Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.