Yup. The only way to implement Facebook login is through the SDK, so unless you are willing to give up all your users that use Facebook login, you are stuck with the invasive, crashing SDK.
Yes, requiring the SDK to implement Facebook Login is the decision that's being criticized. Facebook encourages SDK usage obviously for the data collection it enables, but even they provide an OAuth-only login flow that doesn't require the SDK at all: https://developers.facebook.com/docs/facebook-login/manually...
Then don't implement Facebook login in your app, unless SDK becomes adapted to make its use GDPR-compliant. It's really a problem between you and Facebook at this point.
Thanks for clearing that up. I wonder if developers actually know they are signing up for this when blindly dropping in the SDK, just to support FB login.
I’m surprised most popular apps haven’t learnt their lesson since this happened last month as well.
It seems Facebook mandates the use of the SDK if apps wish to provide 'Login with Facebook' functionality. My question is this - Why would any company include this SDK, which is basically spyware into their apps, simply in order to have a slightly easier login flow? Is implementing a user authentication system really so complicated, that you guys think it is okay to give away control of your users, and even your app's ability to even startup without crashing, to a third party company over whom you have no control, who has no obligation to not break your app at their whim?
My point is that some users want Facebook or Google login and get mad if you don't have it. Other users don't want them and get mad if you do. Because you have to decide whether to include the SDK when you build the app, it's impossible to make both groups happy at the same time.
As pointed out in the article, not using the SDK does not preclude authenticating with a Facebook account. It just requires a bit more work on your end to protect your non-Facebook users.
Actually, developers are only forced to implement it _if_ they support logging in with other social auths.
A big problem of many apps is that they only had a "log in with google"/"log in with facebook" button, which is very problematic for people who have neither.
On Android this is more acceptable since you need a Google account for the OS itself anyway.
They clearly aren’t saying FB login is bad (or they’d just disallow it). They are saying “we want in on the game and we can force it on you.”
I happen to have an app out there which we maintain security updates but aren’t adding new features. It was built with a FB login option. So now we either never update or have to implement features we don’t care about.
this is not how real life works, you don’t get to choose all the features and you can’t quit jobs every time you’re asked to integrate a sdk. also, you are suggesting that it is a good option to drop support for all the customer accounts that have used fb login, this is silly.
sometimes i wonder if you people lost all the connections with the reality... or if you were ever employed.
You can't really blame developers for this. Most aren't integrating SDKs for no reason at all -- they're integrating them because users are asking for a feature the SDK provides.
For one app I worked on, we made a decision not to include Facebook or Google login and only support email/password login, specifically to avoid leaking information.
A subset of users was not pleased at all -- and they sure let us know about it. Maybe around a third of our support requests were asking for third-party sign-in. People often made privacy arguments in support of it: they'd say "why do I have to give you my email address to create an account?" (though usually much less politely). And they kind of had a point. You may trust yourself more than you trust Facebook, but most people are going to trust Facebook more than they trust [random developer].
Anyway, it takes a lot of effort to deal with these support requests, it sucks getting yelled at (even in text). Some of these users probably went on to give the app a 1-star rating, and just a small percentage of those will really drag down your overall score. Dealing with this was not fun. It would have been much easier to just add FB or Google login.
Login is a big thing but if I can get away with it, I'll simply use a web view Facebook authentication instead. Adding all that framework weight for something the average user only uses once and will be a jarring experience from the rest of the app no matter what you do is not worth it to me.
I think the point is that lots of non-facebook apps could implement non-facebook login and avoid Facebook all together but they don't for various non-technical reasons.
reply