Regarding web ads redirecting to the App Store

We've gotten complaints about this — and experienced it ourselves — for what feels like a couple years. Something causes a web page, when opened, to immediately redirect you to the App Store, almost always to the listing for a popular game. Maybe the perpetrators are hoping you're so enticed by the game you download it even after being hijacked, so they'll get some revenue, direct or affiliate. But it deplorable and, even after a couple of years, it's unclear how and why it keeps happening.

Apple patched Safari iOS 8 in an effort to prevent just this kind of behavior from happening. It slowed things down for a while, but other methods of circumvention certainly seem to have been found. The original assumption was that it was caused by bad-actor ads inserting code to bust out of their frames and force a redirect to iTunes. Now it seems like it's more complicated than that, because it also seems to be happening on sites without any ads capable of doing that.

Jason Snell recently wrote about it on Six Colors as a follow up to Ben Mayo's post from 9to5Mac. Here's what Jason had to say:

If Mayo is seeing this behavior on Six Colors, though, we have to assume that something else is at work, such as:

  • Exploitation of a bug in Safari that puts the browser in a particular state even after it's left a page contaminated with that code
  • JavaScript firing in a different Safari tab/window, making Mayo misapply blame for the behavior
  • Interception and rewriting of page code by a carrier, ISP, or even a compromised wireless router

It could be all of the above, and more. It could be a complex attack with elements in ads, caches, browser exploits, compromised routers, bad ISPs or carriers, or bad certificates on devices.

Certainly it's the responsibility of ad brokers to make sure they never approve any ads containing any code that behaves this way, and of sites like iMore to make sure we ban anything that gets through. It's still a wild web out there in many ways, however, and some brokers and sites might be okay with this kind of behavior.

If it really can persist beyond the original point of contact, it might be worth checking to see if it's left anything behind. To see if you have any profiles installed on your iPhone or iPad you can't account for, go to Settings > General > Profiles (at the bottom). If you're experiencing the problem, you can also try wiping your Safari cache. That's in Settings > Safari.

We'll keep looking into it, and I'm sure others will as well, and update when we have more information.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • I've had a few of these annoying redirects. And I know I'm fairly conservative in how I use the web. I'll try the suggestions in the post to see if it makes a difference.
  • An obvious answer would be for Apple to ban apps that use these ads (or penalize them/block referral revenue) so there's no benefit to them.
    It may well be that the games companies who have these ads showing their games don't have them by plan but their advertising is farmed out to so many advertisers and affiliates that they can't spot when one of them uses some dodgy tactics but ultimately it's the responsibility of where the money is going to block the ads or take the hit of penalties. (Same for Google advertising on pirate websites but that's a different matter).
  • If it's the app maker doing it directly, that'd work. But often it's a third party directing you to Clash of Clans so they can get affiliate revenue from the App Store. In which case, it's not the fault of the app maker. Part of what makes it such a tough problem.
  • Yup. I believe Apple may count it as a breach of the T&C and in theory the app developers are avoiding advertisers who do this but in the case of the big spenders an ad campaign can be spread across multiple advertisers (who may themselves use others as affiliates. ). However, all install based ads have tracking info to credit whichever advertiser got the install so it should be possible for publishers to break links with offenders if it's actually hurting them in their pockets. (Rather than the current degree of plausible deniability)
  • If Apple were to penalise the app authors who get redirected to, it would enable an attack vector for competitors trying to get at the opposition in the app store.
  • You're missing the fact that it's not apps that are doing this. It's websites. Sites viewed in Safari. So who exactly would Apple penalize beyond themselves?
  • It's advertisers who are doing this, not the websites (the sites are penalised already by their users being annoyed by the ads). The advertisers are acting on behalf of the app developers and it's the app developers (and advertisers) that benefit from these, so it's them that should be penalised.
    While it's true that competitors could attempt to use a ban on these ads as a way to harm a developer, these ads are tracked, so anyone trying this would be likely to get caught out and sued for fraud/defamation and potentially even trademark/copyright issues for using the developers artwork.
  • I found this to be a huge problem on the description pages of Cydia (the "Jailbreak App Store") apps, which usually contain ads. It got really bad, very often when reading an app description, the App Store app would suddenly open on some random game page. Eventually, I installed a jailbreak tweak that prevented this kind of thing from happening. Nowadays, it seems Cydia has a built-in detection of those redirects which at least results in a pop-up prompt that asks if you really want to switch to the App Store or cancel the redirect.
  • The only redirects I have had were my fault, at least partly. I always go back and look at what may have occurred. I always find where I tapped by mistake. But they do place those spots where it's easy to do, especially with fat fingers.
  • Most of mine are this way too. Self made errors. But there are a few others too.
  • @rene The "edit" button does not work on mobile. I had to take it to the full site in Safari to edit my comment.
  • Thanks, I'll let our tech team know!
  • Another thing to tell them. The crazy pop up adds on this site(safari) I know you get adds, but if you do not hit the x just right it goes to another page leaving iMore. Sent from the iMore App
  • It bugs me less on mobile safari than when in WebViews in an app - particularly in articles clicked from and read within Twitter Sent from the iMore App
  • Glad to hear this problem is receiving some attention. This is by far one of the most annoying things I've experienced since switching from my Galaxy Note 3 to iPhone 6 Plus. I never ran into this issue with Android.
  • Extremely annoying, and generally does not have the impact I think they are hoping for.. I usually cross that app off my list of to-use.. As you said Rene, the issue is the person that did it is quite possible not the App Dev, but the person after the ad revenue. Which sucks, but how else do you deal with it but boycott the apps that are 'allowing' it to happen. hard choices.
  • The web browser in the Facebook app seems to have this problem sorted out by asking the user if they want to be redirected outside of Facebook. It boggles the mind how Facebook has figured this out and, years later, Apple seems unable to stop this in Safari. It seems simple enough. If the link tries to open another app, ask the user if that's what they intended. I've never been successfully redirected out of Facebook without my permission.
  • Speaking of annoying ads this site. One at the top, one in the middle that evey now and then takes up a whole page, a floating one at the bottom with a little "x" too small to hit without a redirect. But yea even here I've found myself looking at the candy crush landing page more than once
  • As a visitor to this web site for many, many years, I have to agree. It's tolerable, but still annoying.
  • I've had enough with those ads and this practice should be banned. Sent from the iMore App
  • Yup this happens. It's annoying. Hope it gets fixed. Sent from the iMore App
  • Does this happen with only Safari or all browsers on the iPad/iPhone?
  • Anywhere where their are ads. Posted via the iMore App for Android
  • I love no ad redirect and other similar tweaks on Cydia that removes this annoying feature. Posted via the iMore App for Android
  • My I Phone is about a year and a half old. It has no "profiles" "at the bottom" after clicking through "settings" and then "general". Also emptying the cache dies not work. Nor does turning the phone of. It would be nice to have soneone writing these articles who knows a little more. Thanks.