It's time for app developers to fall out of love with Facebook Login

Back in 2009, Facebook unveiled Facebook Connect, a new feature that website and app developers could implement for users signing into apps. By simply tapping the "Connect with Facebook" button, new users can skip the account creation step and use their existing Facebook accounts to quickly and efficiently get started with a new app.

It was a breakthrough feature for Facebook at the time, designed ostensibly to make life easier for consumers who would otherwise have to memorize dozens of account passwords, one for each app they use. In turn, because you share your Facebook data, app developers are able to better personalize the experience using your profile information and friends list to, as Facebook states in its developer guide, "build value by connecting people together".

And in the nine years since its initial implementation, we've seen just how valuable the renamed Facebook Login service and the data it aggregates for developers have become. A staggering number of apps and games offer that familiar blue button as a simplified way of onboarding new users with just a few taps, all while quietly skimming their profile for relevant personal information and contact lists.

We've seen Facebook account data used in apps to effectively target potential voters in both the 2012 and 2016 U.S. Presidential Elections, with the latter causing more than a bit of controversy for Facebook over the last month.

Which brings us up to today in 2018, with Facebook set to face questions in front of Congress in the coming weeks regarding how it allowed the personal data of over 50 million Facebook users to pass through a third-party app and into the hands of Cambridge Analytica, a British political consulting and data analysis firm alleged to have used the data to target specific Facebook users with messages designed to stoke anxieties and personal biases, all in an effort to support the Trump presidential campaign.


Subtle Conditioning

Politics aside, the scandal around Facebook's handling of user data has convinced many to consider deleting their Facebook account altogether — but that has proven to be easier said than done. Facebook has been wildly successful at becoming the go-to place for keeping tabs on your friends, and because of this, it's also a really effective tool for app developers looking to use your network of friends to build out their own user base faster than otherwise possible.

Facebook highlights over 60 apps on its developer site that have implemented Facebook Login to great success, whether to create better user engagement or to make it easier for them to convince you that so many people you know are also using the app. If you know you're among friends using an app, you're probably going to continue to use that app moving forward — it's essentially an extension of the sticky way Facebook keeps you coming back for more, and it's an incredibly efficient way for app developers to instantly collect a pool of data for any new user that signs up.

Part of the reason Facebook Login is so effective is that it's straight-up easier than filling out a unique account form every time you download a new app — because let's be real, no one enjoys filling out forms. In that way and depending on how your personal data is manipulated, Facebook Login could almost fall under the category of a dark pattern — a method for websites or apps to get you to give up more information than is required by playing on assumptions.

Over time, seeing that "Connect with Facebook" button on every login screen conditions us to avoid the hassle of creating a new account by simply tapping through to Facebook. This system works fine as long as there's a circle of trust built between Facebook, the app developer, and the end user. We blindly allow Facebook to grant the app access to some of our data under the conditions that they're only accessing basic information and that we are ultimately in control of the data being shared. It capitalizes on our need for immediacy and a frictionless experience using our smartphones and is anchored by the understanding that Facebook supposedly cares about protecting our privacy.

But it's fair to say that Facebook should be less trusted today than it was nine years ago. While we rightly should have been skeptical of Facebook's ability to keep our data secure from the outset, the latest round of scandals has further eroded the remaining trust between Facebook and its users.

By extension, people should be less trusting of connecting their Facebook account to outside apps — whether it's because you're afraid it will annoy your contacts with invitations to play a silly mobile game, or because it might try to eventually use your data against you in some nefarious way.

Just like we should all be doing our part to detangle our lives from Facebook's web, app developers owe it to users to divest from their reliance on Facebook Login. I'll use PUBG Mobile as an example here because it's wildly popular at the moment and also a particularly egregious example of how developers, too, can rely too heavily on Facebook Login. When you load up PUBG Mobile on your phone, you're given two options — play as a guest or log in via Facebook. Creating a guest account seems to imply that your account is less-than-official or incomplete without linking your Facebook account. If you do create a guest account, you'll be greeted with the "Link your Facebook" account prompt every time you log in until you finally relent. Once linked to Facebook, there appears to be no way to unlink the account, so you're stuck with it.

It's one thing to offer Facebook Login as an alternative way to easily create an account, but to straight up not offer any other way to log in to an app or game is just lazy on the developers' part, and speaks to the way Facebook has lulled us all into complacency.

Marc Lagace

Marc Lagace was an Apps and Games Editor at Android Central between 2016 and 2020. You can reach out to him on Twitter @spacelagace.

  • This is a great read and honestly something all should read if they ever have used Facebook's login for anything. I used to fall into the same trap but realized a few years back luckily that I was being targeted with unwanted ads that didn't interest me in the slightest on Facebook, before my account was hacked. Immediately went through Facebook after changing my password and unlinked everything but Instagram. Filling out a new form for things I want an account to is tedious but it's much better than being plagued by hacks and breaches. Plus keeping all that log in info in a password keeper or even just G Notes isn't all that hard.
  • There are some games (Bejeweled Blitz and Jetpack Joyride to name two) that use Facebook Connect to facilitate cross platform saves (so you can pick up where you left off if you switch between Android, iOS and PC). Also, this "Connect with" method of signing up for things isn't just limited to Facebook. Twitter, Google, MS and plenty of others also have a similar "Connect with" function.
  • 100% this. I haven't had FB in years (ever since shortly after G+ became a thing). All my accounts are by email or as is the case with PUBG... "guest"
  • So, does that mean that Android Central will get rid of their Facebook login option?
  • I have never used "sign in using Facebook" whenever it was available. If anything it was always my Google account. And that doesn't even have a bunch of my info anyway.
  • I have never logged into anything with a Facebook account apart from Facebook. I always get a username and password from the service itself, never ever use a third party.
  • IMHO, this is a perfect time for OpenID to make a comeback. Having a single login for multiple sites is exactly what it was designed for.
  • Honestly, I think it's high time for the media to stop spreading the panic. Contrary to this article, Facebook is not any more dangerous now than it was a couple of years before. Seriously, you make a claim that it was more trustworthy in 2009, whereas already the 2012 elections were manipulated. At least back the statement with credible sources. It has never been trustworthy, not ever since it became so big that a Facebook account has virtually become a necessity. Whoever used Facebook Connect, or anything Facebook, without even considering the price has no one to blame but themselves. And the Cambridge Analytica scandal does not change anything. Facebook's practices have always been shady, now they may actually tone them down to avoid mass departure of people. Deleting accounts now makes as much sense as buying Bitcoin in January. You've already been used. May as well keep enjoying the convenience.
    So yeah, think twice before using ANY service that gathers ANY data on you. Which is basically any service. Welcome to the future. Welcome to 1984.
  • This is really about being able to enjoy the internet without having to loop in Facebook on everything you do. Anyone who has left Facebook can name about five websites or apps that they simply can't use because Facebook.
  • Sure, people should have known what Facebook was doing, but, for many, this was a very abstract thing until now. So they've essentially just been jerked up by the collar and shown that willingly trading their data can have real consequences. While it's easy to say that they should have known all along, not everyone can know everything from the very beginning, so, now that they are aware, many of them are questioning whether the deal Facebook is offering is really worth it. IMHO, if an app wants to allow people to connect with Facebook, that's OK, but that shouldn't be the only option. Give people choices. I understand that a small developer may not want to manage a user authentication system and would rather farm that out to someone else, but, if they feel the need to go that route, then they should at least give people multiple options. As I mentioned in another post, OpenID was developed for this very scenario, yet it was mostly ignored. It's still out there, so it should be used so people at least have another option.
  • I never voiced out my opinion on Facebook Connect mechanism as such. I agree that it's convenient (even I used it a couple times), and I definitely agree that it should never, ever be the only mechanism of logging in. And, to be fair, I never used such an app. But then, I don't use my phone half as much as typical people, I guess. Optimally, it should be standard account, FB and Google. So that if an app is shady, you don't have to link sensitive accounts, and use the 'spam' account on FB/Gmail or make an account. About the argument that not everyone could know, I disagree, however. Facebook has always been free. If there is a single thing that everyone should know, regardless of their intelligence, is that nothing is free. If anyone thought FB is just being generous by giving their service for free, they were naive, and so they should pay the price. It may sound harsh, but that's how it works.
  • Some of this is about security too though right? Maybe Facebook is worse than others due to data sharing, but I thought part of the point of logging in with bigger companies (facebook, Google, Twitter, GitHub, etc) was that they have more resources to spend on security than whatever small company you're making an account with. Aren't Oauth tokens from these companies much more secure than a hackable database of users (SQL injections and such) some startup tries to maintain?
  • I've always been a little skeptical of Facebook and its intentions. Now it seems to have matured into something almost diabolical in its hijacking of our personal information.
    It may be time for Facebook to go by way of the Dodo (an extinct bird for you young ones out there) and let it die a peaceful death. If for no other reason than to make a point to others who wish to use us without our knowledge.
    Please spare me the "it's all in the TOS" b/s, sure it is if you're an internet law attorney and can stand reading, much less understand, much of the legalese nonsense purposefully put in to confuse and bore the hell out of us.
    Of course the younger people reading this are gonna go yeah.. "So".. but in the long term it's your freewill being stolen for profit by others!!!
    "Stupid is, as stupid does"
  • I try to avoid the Facebook login for apps, but some games use Facebook to backup my progress. I would prefer they use my own cloud storage, but I don't have that option. Game data should be a part of my device backup, and a selective feature would be awesome. I had to restore my S8+ after the Oreo update, and it would've been nice to select a few things that would be restored to an otherwise clean install.
  • As I mentioned in my comment, that backup is often used for cross-platform functionality so that you can pick up your progress even if you switch platforms (from Android to iOS for instance).
  • It was very easy to delete Facebook. On a side note, everyone should have 2 Facebook accounts. One with real data that's never used to login to any 3rd party apps and is locked down. Another with dummy data that's used for whatever. Be creative with that 2nd account. Be whoever.
  • I agree wholeheartedly with this article. Interestingly, I was attempting just last evening to disentangle myself from Facebook. The instructions warn that if you have availed yourself of this Connect feature, you must go in and re-register with various apps. I admit that it was such a daunting task that I have postponed it. This article has given me increased resolve! Thank you.
  • I always use my good account to log in to apps that give me the options rather than Facebook.
  • I also hate Facebook login.
  • I refuse to ever deal with Facebook again. I saw that this used Facebook instead of Google Play for the login and I deleted the game. They want my business, they ditch Facebook. Goes for everyone.
  • And here you have Waze going only with Facebook connection for friends.