[egocentric]

You’d think!

This is not just possible, it's actually extremely easy to do.

Hoping to share a proof of concept soon.

[m-p-3]

Any app developer tampering with this should get their app pulled out of the App Store, this is unacceptable.

[mixedCase]

Yes. And it's even more unacceptable that the system is vulnerable to this kind of tampering.

[alkonaut]

Yes. The review dialog should be shown by the system and the app itself should have no way of tampering with it.

This should be the case for all such interactions, including permissions, image library selection etc.

I realize APIs are hard to change but this is one of the cases where I think Apple should just fix it even if it bricks well-behaved apps until they can be patched (which could be never).

[eschaton]

No, it’s not.

[egocentric]

What is not?

[eschaton]

“Even more unacceptable…”

It’s not more unacceptable for an exploit to exist than it is for the exploit to be used. One is a risk, the other is actively attempting to do harm.

[tinus_hn]

It’s cheating so they should have their developer account banned with all their apps.

[bfuller]

knowing how dealing with the ios support goes, i doubt this will happen any time soon.

[objc]

I'm surprised this alert isn't presented from SpringBoard to prevent tampering

[naikrovek]

are they putting transparent UI elements over the rating dialog and absorbing the taps? that's happened before in other platforms. not mobiles, but web browsers.

[goldenkey]

Yes but even Microsoft got the UAC dialog right...no user mode program can hijack it. For a company like Apple, this is laughably bad.

[WesSouza]

Can you describe it in words before the proof?