Are Facebook App Permissions and Facebook Login Causing You to Lose Business?13 minutes
With the recent exposure of the National Security Agency’s Prism program, we’re all left wondering what information the United States government has collected about us. If the NSA plopped down a manilla folder in front of you, would you be scared to know what information was in there?
One company at the major forefront of this scandal is Facebook, who denies involvement in the data-collection program, even though whistle-blower Edward Snowden said this claim was “misleading”.
As citizens, this is frightening.
As consumers, this is old news in a sense. On the consumer web, the proliferation of the Facebook login button started several years ago. After all, it’s convenient, right?
What started as a novel and convenient way to access a website with one click, quickly turned into a required action to access many new sites and apps.
As one-click logins transition from being a convenience to a requirement, users have started to question the sincerity of Facebook login. It becomes a transaction where the user gains access at the cost of their own privacy. Is the value of accessing a site worth the perceived cost of providing access to your personal data and potentially violating your friends’ trust?
Aside from privacy, there is also a data issue with Facebook login. If you one day decide to delete your Facebook account, you’ll lose access to your accounts on every website or app you signed up for using Facebook login.
What is Facebook login?
Facebook login allows you to use your Facebook account to sign into other websites and see what your friends are doing across the web.
What are Facebook app permissions?
According to Facebook:
When someone connects with an app using Facebook login, the app can access their public profile and friend list — the pieces of information that are visible to everyone.
Each other piece of information that someone adds to their Facebook profile is secured behind permissions, and there are several different categories of permissions used.
Check out this interesting Facebook infographic that shows just how much access apps have to our Facebook accounts.
What information is collected through Facebook login?
When you sign in to a website using Facebook login or you install an app, you should see a dialog box that asks for your permission to grant it access to certain information. According to Facebook, you are giving these apps permission to access your:
Public profile, which includes your name, profile pictures, username, user ID (account number), networks and any info you choose to make publicly available.
You also give the app other info to personalize your experience, including your friends list, gender, age range and locale.
Keep in mind, most websites and apps that use Facebook login need more than just your basic profile information, so you can expect to be asked for your email address too, at the very least.
What does this all mean?
Quite simply, if you use Facebook login, you’re allowing websites and apps to access your personal information. You may or may not care about this — that is up to you. Remember though: if you use Facebook login all around the web and with various apps, be very careful to backup or download your data from those websites, just in case you delete your Facebook account or for some reason it gets removed.
I like being able to log in quickly with Facebook login, but many websites ask for additional information so you end up just using the plain old e-mail registration form. Moreover, I have found that when I remove an app on Facebook, the app may delete my account and data. I once removed the Scribd app because I did not think it was necessary to have it, not realizing that Scribd would automatically remove all of my documents. I contacted them but they told me they have no way to restore documents.
How do I know which websites and apps have access to my data?
To see which websites and apps you have used Facebook login with, and what information those apps have access to, simply sign into Facebook and go to account settings.
On the left hand side, click Apps. You should now be able to see which apps have access to your information and what type of Facebook app permissions you have granted.
Click Edit on any app listed and you will see This app needs and This app can also. This app needs means that the app needs that information to function properly. This app can also are the additional permissions you have granted the app. You can click the x next to each permission if you no longer want it to have that access. If you no longer want the app at all, click Remove app at the bottom. Remember, if you have data on these sites, be sure to download or back it up before removing the app.
So what does this have to do with losing business?
Initially, Facebook login was a great tool. You no longer needed to sign up for websites or apps because you could easily just connect your Facebook account to the website or app with one click (and you still can).
But with privacy concerns becoming an increasing issue, and with the amount of data that any website or app can collect from you with one click, users have started to migrate back to traditional sign up methods.
If Facebook login is the primary way to log in to your website or app, you could be losing more users than you’re attracting. At the very least, make sure you have an alternate sign up method. In fact, I would recommend making Facebook login the secondary sign up method behind the traditional email/username form. You can also A/B test your sign up methods to see which one brings in more users.
Facebook login survey
I surveyed a few different audiences to get their take on Facebook login to see if my beliefs stack up. The survey takers were developers, designers, entrepreneurs, business owners, moms, dads, and normal everyday online consumers who may not know a lot about how this whole internet thing works.
Do you use Facebook login on websites so you can easily sign in without having to sign up?
51% said yes, 49% said no. So a little more than half of the people we surveyed said they do use Facebook login because it is convenient.
Interestingly enough, I posed almost the exact same question at the end of the survey, but added a little bit more information.
If you try to sign up for a website that requires Facebook login and it wants access to your basic profile information and email address, what do you do?
This time, only 38% said they use Facebook login. 62% said they either don’t sign up or they look for an alternate method of signing up.
I was curious to see just how well-informed people are about Facebook login, so I asked:
Are you aware that by using Facebook login you are giving websites and apps access to your personal information (name, profile pictures, username, user ID (account number), friends list, gender, age range, location, networks and any info you choose to make publicly available?)
72% of people surveyed said they are aware of this, but 28% said they had no idea.
Sweepstakes entry via Facebook login
Many sweepstakes utilize Facebook login as the main method of entry, so I asked:
If you try to enter a contest or sweepstakes that requires Facebook login or where you have to add an app, what do you do?
33% said they will enter, 33% said they will not enter and 34% said they will look for an alternative entry method. That is an overwhelming 67% of people that may not enter your sweepstakes. When it comes down to it, make entering your promotion as easy as possible (ex: require just an email address) and provide Facebook login as an alternative method of entry for those who want to use it.
What do people have to say about Facebook login?
I talked to several business owners and consumers about websites using Facebook login. A few of the responses are below:
As a social media consultant, I have long been cautioning people about Facebook login and the way it “juices in” people to Facebook. Many people who want to quit facebook find they can’t, as they lose their log in method for other sites.
Social Media Strategist
I have an online business, and separate from that I have a cause, and then there is my personal life. Facebook tries to merge them all, which annoys friends, confuses customers, and muddles work on the cause. So, I keep my purchases, music listening habits, art gallery browsing, and other such data separate so that it doesn’t become one big muddled mess.
I run several websites totaling a couple million users. All of our websites and mobile apps are social in some way so we encourage Facebook login but we don’t require it. We only have 25% of users who use it! We couldn’t believe this number. I guess people just don’t trust using it as they don’t want their personal information out there or they don’t want certain things showing up on their feeds.
I absolutely hate when websites or mobile apps force me to use Facebook login and I never do it. I don’t want Facebook to collect (and then sell) information about me. Plus, many people are closing their Facebook accounts, so if you are a site
owner, you need to also provide a way for people to create regular accounts, and that causes a bit of a mess in the database because the same person can have two accounts, and usability becomes convoluted.
When I follow a link only to discover that I am redirected in order to give someone else access to my email address, Facebook friends, etc., I will immediately click “cancel” in order to stop the process. Not only does it feel like an unnecessary invasion of my privacy, the email address I use for Facebook is the one I use for family and friends – not corporations who may feel the need to update me on their product offerings or provide my information to their business partners.
Website owners are increasingly looking at Facebook login for their social media marketing efforts, which can be extremely effective with how much personal information it grabs from users. But, the problem is that there is a lack of privacy that Facebook users receive with Facebook login. I’m OK with the use of Facebook login, but I would like Facebook and websites to make it clearer to users what information is being used and how it is being handled by both parties.
Why Facebook login isn’t the best way to build your email list
A recent Facebook bug exposed the email addresses and phone numbers of 6 million users. I spoke with Taylor Wakefield, the Founder of Mailgun, about this Facebook bug. Mailgun is a service that allows developers to easily send emails from their apps. Taylor said,
When our customers use Facebook as a customer acquisition tool they inevitably end up with a large amount of bad email addresses, leading to a poor email sending reputation or worse. An issue we’ve seen is when companies try to email the users they have acquired through Facebook and they end up having very high bounce rates (>10%) on those emails, putting their IP address and domain reputation at risk.
When a user signs up to a website or app with Facebook login, the service pulls the user’s primary email address from their Facebook account. Since most people signed up for Facebook years ago, it is very likely they no longer have access to the email address they signed up with. Personally, I signed up in 2007 with my college email address, and that is still the primary email address on my account, even though I no longer have access to that email.
Facebook login spoils a product launch
Neil Joglekar recently launched a new service called Let’s Be Amigos. The premise was, making friends online can be hard so Let’s Be Amigos will match you with strangers that have similar interests, and the service will coordinate an off-line activity for you.
Neil and his team posted a thread on Hacker News to get some feedback and show off their hard work. Unfortunately, there was an immediate backlash from the Hacker News community because Facebook login was required to use the service. The top two comments on the thread were:
Whenever I see a button that says “sign in with Facebook,” I just close the tab immediately. Am I the only one who does this? What’s wrong with just having me fill out a survey of my interests if that’s what you want?
I don’t understand how people even get it into their heads to immediately ask potential users for direct access to my private information?
Neil ended up writing a post on his own blog two weeks later, explaining what they did wrong, what the thinking was behind the use of Facebook login, and what they have done to fix it.
More importantly, Neil said that using Facebook login as the only method of signing up gave them product issues:
The email people used to sign up for Facebook was not one that they checked every day (which is especially important if that’s how you want to schedule events).
Tyler at Mailgun noticed almost this exact same issue that he was seeing with his own customers. To fix this, the team at Let’s Be Amigos decided to allow people to register through a regular form, with the option of using Facebook login to pull user data.
According to Neil, this new change has been more effective.
Is Facebook login the right choice for your site or app?
The current atmosphere of the web indicates users are growing more concerned with their privacy and are beginning to protect their personal data more actively. This includes opting for signup forms that afford the user more control over their information versus using more “convenient” social login buttons from Facebook.
Encouraging your own users to log in via Facebook can be detrimental to your business as well, scaring away wary users and positioning yourself for closer scrutiny by email services concerned with bounce rates and domain reputation. Our rudimentary survey shows users prefer not to use Facebook login or they look for an alternative method, such as a traditional login form.
As always, there are two sides to every story. Facebook login could work for your business, like it has for Waze. Remember, it’s all about testing. Instead of choosing one method over the other, run A/B tests to see which one works best to grow your business.
What do you think about Facebook login? Do you use it? Let us know in the comments.