Malvertising: Unscrupulous website ads again auto-redirecting users to App Store from Safari

“Website advertisement companies have found a way to circumvent the protections introduced in iOS 8 to stop users from being kicked to the App Store because of certain cleverly-coded JavaScript advertisements,” Benjamin Mayo reports for 9to5Mac.

“I am now experiencing this myself, and it makes browsing on the iPhone unusable. Browsing to websites such as Reddit and Reuters and others now automatically open the App Store… It’s unclear why this has started happening to me (it wasn’t happening yesterday and not everyone experiences it), but Twitter searches show that is also affecting others. It’s basically impossible for me to browse the web on my phone due to this. Using alternate browsers has no effect. Disabling JavaScript stops this from happening, but that isn’t really feasible as many websites rely on JavaScript to function, so it doesn’t really count as a reasonable solution,” Mayo reports. “This flared up as a serious issue last year, when users found they were being taken to random App Store pages without granting any kind of permission.”

“In iOS 8 beta 2, Apple supposedly had remedied the issue: ‘Safari now blocks ads from automatically redirecting to the App Store without user interaction.’ However, it seems that ad companies have now managed to work around these safeguard,” Mayo reports. “This is Apple’s problem to fix, not an attack on the websites… All of these websites use third-party networks that are outside of their control — it’s not their decision to cause the redirections. We’ve reached out to Apple for comment on the issue.”

Read more in the full article here.

MacDailyNews Take: Okay, so we’ve obviously been through this before, so we’ll refer you to this post for more info if you haven’t seen it, yet:

Shady app install ads automatically redirecting mobile users to App Store, Google Play – January 16, 2015

For some time now, we’ve been doing what we can, at a cost to the site, by turning off entire ad networks and having affected users report back if the rogue redirects have stopped or not (it’s not happening to everybody; in fact, we can’t replicate the problem on any of our iOS devices. We’re going to try Reddit and Reuters to see if we can trigger them there via Safari for iOS). We also can see what’s happening in our Inbox. When the flow of complaints that accuse us of being “stupid fscking greedy bastards” cease (those are the “nice” ones), then we know we’ve hit upon an issue.

Currently, as of Monday evening, we think we’ve got these ad networks isolated (off) and the redirects have stopped (or slowed) according to our helpful readers (like Dominick P., for one prominent example – thanks, Dominick for all your help on this!) and because the email missives have ceased.

Again, as Mayo reports, we’re not causing these redirects. Reddit is not causing the redirects. Neither is Reuters. Beyond Apple’s responsibility for their users’ experience, the third-party ad networks really need to get a handle on this and vet who they allow into their systems. Right now, some of these networks are infiltrated by criminals who are spreading malvertising. If they fail to clean up their acts, these ad networks will lose publishers, and eventually their businesses.

If you experience an auto redirect while browsing via Safari on your iPhone, iPad, or iPod touch, please drop us a friendly email, so we know that they’re back and we can try to block them.

You can stop this from happening in your browser of choice on your iOS device by enabling Guided Access in Settings>General>Accessibility. This will prevent the App Store from being launched out of Safari unless you want it to do so.

In closing, this continues to be an absolutely lovely experience all around and we hope it ends sooner than later. Please, Apple, save us if you can!

Related article:
Shady app install ads automatically redirecting mobile users to App Store, Google Play – January 16, 2015


    1. I apologize for my email, MDN. While I did not go nearly so far as to call you “stupid fsking greedy bastards,” I was pretty irritated about the repeated redirects.

      I have one suggestion to reduce this problem, expel any app that uses this kind of underhanded redirect tactic. It would seem to be a self-defeating approach, anyway. I will *never* download an app that is shoved into my face like that.

    2. Every once in awhile, MDN’s page load times going nuts beyond 30 seconds and shows data going or loading from all sorts of strange addresses at the bottom left of Safari’s window. Occurs on Safari and Firefox. Slashdot loads in 2-3 seconds.

      Thus my guess is some ad on MDN takes over control of page loading on an occassional basis.

      Loading the main page is OK, but clicking an article to read is painful.

      1. Should have noted that is on my MBPro.

        One of the URLs seen at the bottom left from the whole list, which I specifically remember, was, which is advertising for a TV app.

        I don’t know what it is doing to Safari, but I’m posting this from an earlier clone of my MBPro which allowed me to get into MDN. Not sure what has gone on, but I suspect bad ads.

  1. If I was Apple, I’d set up a complaint site, verify the complaints and then I’d remove ALL YOUR APPS from the App Store. To get back in the App Store, you’d have some explaining to do.

    1. This has happened to me many times on MDN, and a few times on other sites. If Apple has tried to address this through software and is still getting worked around, then it is time for the moron ad placers to feel the heat of an angry marketplace. Never buy an app that you are redirected to. Communicate the bad behavior to your social media contacts so they know not to buy these aps advertised by these redirects. Make it a big enough economic deal to kill the ad company that uses this behavior. One bad reference is worse than 10 good references so these ad companies should get burned. If anyone knows the name of the ad company doing this, pass it on so we can all apply the heat.

      1. He is saying “…MDN is the only site I have ever visited that does this, when using an iphone..,”. How can you not understand what he said? I also experience on iPhone 5, on only MDN, tho not in last three days.

    1. Aintitcoolnews did it to me a few times but they seemed to be on top of it quickly
      Seems logical to me an Apple oriented site would be targeted for this more than other sites.
      Sorry folks it’s not only MDN

    2. Me too. Pristine iPhone 6, no apps downloaded from the AppStore and MDN is the only site where this happens. Took 5 tries to get to this page without a redirect to either iTunes, the AppStore or a “Win an iPhone 6” page, happened on both the home page and tabs opened from there.

      1. Somebody has come up with some sleazy but clever trick that nobody else has yet figured out. (At least nobody that’s talking). But now that it’s gotten so much attention it won’t be long before somebody sorts it out.

  2. I would say that the websites do have some responsibility in this matter. MDN has taken action and so should others if they have regard for their customers. What I don’t understand is why does this only afflicts mobile Safari. Also I did find using another browser did stop the problem though those browsers could develop the same problem at other times. But surely this is a legal issue too and if ad companies and others are using this then and continue to doso having been warned not to then it has to be made ilegal and the law used to enforce their compliance. Or do we wait for Googles self driving cars are being redirected to any city other than the one programmed in before anyone takes it seriously.

    1. ” MDN has taken action and so should others if they have regard for their customers.”

      It’s still happening on the MDN site. They haven’t cured it yet (booted the rogue advertisers).

      Also, I’ve implemented MDN’s suggested work around. It does not always stop the redirects. Out of a couple dozen tries after I implemented MDN’s suggestion I still got one redirect. Yes, it’s better than before as before implementing the suggestion I was getting redirects 100% of the time, but it’s still not a 100% cure.

  3. Why are some ads redirecting to the Apple Store? Who benefits from this? If it was the apps people are being redirected to, then it would be simple for Apple to simply remove the offending app from the store.

    1. Also video game websites. IGN and Dualshockers have been problems for me, along with MDN. When it gets annoying I usually do a “clear all websites and data” from the settings and that seems to be a temporary fix.

      Looking forward to this getting sorted!

  4. I’ve mot been having redirect issues through Safari but I am having them when using a certain social networking app. I get requests from people trying to chat me up and their profile either indicates they are thousands of miles away, or the person’s personal statistics indicate they are only 2’4″. When I try to block them the fraudulent profile redirects to an advertisers web site.
    This is an issue of unscrupulous advertisers linking into an app through click ads and then redirecting.

  5. Oh My Gosh!!!! I thought it was just me. On vacation in Europe for a month and all I brought was my iPad and iPhone. Everytime I tried to surf the web, those damn ads would redirect me to the App Store. Drove me nuts!!!

  6. Seems much much better. Thank you. I was going crazy because my browser was telling me the site has to reload because of a problem. It was like Safari was having a nervous breakdown.

    Anyway today things are acting, as they should.

  7. “You can stop this from happening in your browser of choice on your iOS device by enabling Guided Access in Settings>General>Accessibility. This will prevent the App Store from being launched out of Safari unless you want it to do so.”

    Well isn’t that completely easy to find and intuitive. Thanks for hiding that where no one would look and with a label that doesn’t explain what it does at all. Thanks ever so much, Apple.


  8. I went back and read the MDN take. MDN wants to pass the buck to Apple but it is in fact MDN who partners with ad hustlers that do this. IMO blaming Apple for your business decision to partner with ‘rogue’ advertisers is not Apples fault. Sorry MDN love your site and MDN takes but you are the one that makes deals with advertisers for your site, not Apple.

    1. Yeah, you’re wrong. This issue has and continues to affect nearly ALL major ad networks, from AdSense on down. It’s not MDN’s or any website’s fault at all.

      As MDN explained quite well and clearly, the blame rests with the ad networks for lax security and with Apple for not doing more to address this issue. Clearly Apple knows they have a responsibility as they’ve tried to block this in the past.

      I’m tired of people like you wrongly affixing blame. You have no fscking idea what you’re talkign about. Stop making things up. Your opinion is meaningless vs. actual facts.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.