Closed
Bug 1448153
Opened 8 years ago
Closed 2 years ago
The post-update flow for installing Firefox mobile seems like malware hijacking
Categories
(www.mozilla.org :: Pages & Content, enhancement)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dietrich, Unassigned)
References
()
Details
My wife got a Firefox update and went through a flow that she found exciting and then confusing and then scary... and finally just bailed out of.
Here's the flow:
* Update Firefox, yay!
* After restart, see a page with a QR code and some text about installing mobile (see notes about this specific page below). Well, ok cool. She knows she's already got Firefox iOS installed, but she thinks maybe it's something different, so she's game.
* Open iOS camera and aim at QR code. (I don't know how she knew to do that - it's a new feature in iOS 11... I asked, and she didn't know either. She just thought she'd try it.)
* Get a notification overlaying the camera view, which looks like this: https://i.imgur.com/Lv3ySCr.png. What is app.adjust.com? Ok, she's thinking this is a bit dodgy now - clearly not a Firefox or Mozilla thing, and she bails out and asks me wtf is going on.
I get the original URL from her and start from the beginning on my machine and my phone, to verify it's the same experience (it is):
* Oddly, the URL at this point is https://app.adjust.com/2uo1qc?campaign=whats_new&adgroup=QR Code&creative=59_Experiment. You can only see the FQDN, per the screenshot above though. Not that it would matter to see the whole URL, because nothing in there says anything about Mozilla or Firefox.
* So next, the page opens in Safari, screenshot: https://i.imgur.com/3F9G4oa.png. Again, it looks nothing like Mozilla or Firefox - says "Adjust, GmbH" in Safari's URL bar, and the page says "DOWNLOAD APP" - nothing about Mozilla or Firefox. None of our branding, no visual cues that this is *safe*. WE'RE ASKING THEM TO INSTALL RANDOM SOFTWARE, WTF. We've worked for eons to *stop* people from doing exactly this!! Ok, sorry... my rage has subsided a bit now.
* If you make it this far, you get redirected to the app store, which is the first time we see anything related to Firefox or Mozilla.
This type of haphazard experimentation with real users *ruins* trust in Firefox and in Mozilla. It flies in the face of everything we've been building in the area of security UI and software installation.
Ways to vastly improve this flow:
* Document the whole process visually on the original desktop landing page. Let the user know exactly what's going to happen after scanning that code. Even if you don't fix all the branding and visual identity through the flow, you'll at least be letting them know that us asking them to open "adjust.com with Safari" is *expected*.
* Use a redirect! Send the user to a landing page called "install.firefox.com" (or whatever) that redirects to the adjust.com stuff if you want. Just make it look like it is *us*.
* If we *have* to use an adjust.com landing page (which we probably don't even want to encourage), then make it branded. If adjust.com can't handle making a branded landing page, we should be running far away from them.
If we think it's ok to send real users of the release channel to an unbranded off-domain landing page to INSTALL OUR SOFTWARE, we should really be seriously examining the judgement of whoever put this experiment together.
Regarding the page shown in desktop after updating:
* URL: https://www.mozilla.org/en-US/firefox/59.0.1/whatsnew/?oldversion=58.0.2
* Screenshot: https://i.imgur.com/hsEd3U7.png
* This page should not be shown if the user is currently logged into sync and has a mobile device connected. For example, if I load the URL in my browser it says exactly that same thing, even though I already have Firefox on both Android and iPhone hooked up with sync.
* The page should be clearly a landing page for installing the mobile app - for example, mention iPhone and Android and have the logos visible, as visual cues that users expect for native mobile app onboarding flow.
* We should have links to the app stores, as an onboarding method for people who cannot get the QR code flow working.
* There are no instructions for scanning the QR code. We should "if you have an iPhone, just point your camera at this", for example. For Android, the camera doesn't support QR code scanning, so we should recommend apps to install for doing this.
|
||
Updated•8 years ago
|
Product: Firefox → Firefox for iOS
|
||
Comment 1•8 years ago
|
||
This is nothing we can fix in Firefox for iOS; this is a growth page, so I'm punting it over to www.
It uses Adjust to track clickthrough success. Clearly that's a sub-optimal experience; Bryan Bell complained about this on Slack last week. I don't know if redirects through to Adjust work correctly, so there might be tension here.
I'm not sure who should work on addressing this, but I expect Alex knows who to ask…
Component: General → Pages & Content
Flags: needinfo?(adavis)
Product: Firefox for iOS → www.mozilla.org
Version: unspecified → Production
|
Reporter | |
Comment 2•8 years ago
|
||
Ok, thanks for the background, and for refiling this to the right place Richard!
|
|
||
Comment 3•8 years ago
|
||
@dietrich - following up here from our Slack convo. We're looking into the Adjust/branding experience now, thanks again for that heads up. We are getting the others into our retro for adjustment in the next experiment.
@jenny/@eric - the reco's I mentioned for the deep dive and retro.
Flags: needinfo?(jdouglas)
Flags: needinfo?(erenaud)
Flags: needinfo?(adavis)
|
|
||
Comment 4•8 years ago
|
||
I booked a retro for this project this week and we will come up with an action plan to make sure this doesn't happen again.
Thank @deitrich for letting us know!
Flags: needinfo?(jdouglas)
|
|
||
Updated•8 years ago
|
Flags: needinfo?(erenaud)
|
|
||
Comment 5•2 years ago
|
||
Adjust is gone from www.mozilla.org, closing this as FIXED
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•