Regarding web ads redirecting to the App Store

We've gotten complaints about this — and experienced it ourselves — for what feels like a couple years. Something causes a web page, when opened, to immediately redirect you to the App Store, almost always to the listing for a popular game. Maybe the perpetrators are hoping you're so enticed by the game you download it even after being hijacked, so they'll get some revenue, direct or affiliate. But it deplorable and, even after a couple of years, it's unclear how and why it keeps happening.

Apple patched Safari iOS 8 in an effort to prevent just this kind of behavior from happening. It slowed things down for a while, but other methods of circumvention certainly seem to have been found. The original assumption was that it was caused by bad-actor ads inserting code to bust out of their frames and force a redirect to iTunes. Now it seems like it's more complicated than that, because it also seems to be happening on sites without any ads capable of doing that.

Jason Snell recently wrote about it on Six Colors as a follow up to Ben Mayo's post from 9to5Mac. Here's what Jason had to say:

If Mayo is seeing this behavior on Six Colors, though, we have to assume that something else is at work, such as:

  • Exploitation of a bug in Safari that puts the browser in a particular state even after it's left a page contaminated with that code
  • JavaScript firing in a different Safari tab/window, making Mayo misapply blame for the behavior
  • Interception and rewriting of page code by a carrier, ISP, or even a compromised wireless router

It could be all of the above, and more. It could be a complex attack with elements in ads, caches, browser exploits, compromised routers, bad ISPs or carriers, or bad certificates on devices.

Certainly it's the responsibility of ad brokers to make sure they never approve any ads containing any code that behaves this way, and of sites like iMore to make sure we ban anything that gets through. It's still a wild web out there in many ways, however, and some brokers and sites might be okay with this kind of behavior.

If it really can persist beyond the original point of contact, it might be worth checking to see if it's left anything behind. To see if you have any profiles installed on your iPhone or iPad you can't account for, go to Settings > General > Profiles (at the bottom). If you're experiencing the problem, you can also try wiping your Safari cache. That's in Settings > Safari.

We'll keep looking into it, and I'm sure others will as well, and update when we have more information.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.