About mobile application sign-ups and sign-ins
A few days ago I downloaded this brand new mobile app from Google Play, and when I started that freshly installed app, it asked me to sign up. I didn’t think twice, I just switched to another app and never came back!
Obviously, sign-ups and sign-ins in mobile apps are much less convenient than in web apps. People normally hate to feed their emails and passwords into this touchy keyboard; it’s just awkward!
Then I thought: “Why do we need sign-ups and sign-ins in mobile apps?!”
A very simple question then came up. 99.99999% of mobile users (especially smartphone users) are single users. This means that it’s only one person who is using the phone all the time; it’s very weird to find a phone that’s used by two guys!
Why can’t I enter my information once, and all my applications simply access that info to know who I am? Think of single sign-on for mobiles: I unlock my phone once and all apps magically get access to my name, email, photo. No authentication is needed per application, no password is shared between applications, the mobile phone authenticates on my behalf.
Wouldn’t that be so cool?
Technically, your information is already there. Operating systems should open up UUIDs or something similar, and perhaps, coupled with a smart authentication method, give applications read (maybe write too) access to the user data.
It’s sad they’re not uniting on this.
I think this will raise privacy concerns. What about apps that sync your data through different platforms (iOS, Android, Web)? I think the closest thing to your idea is OpenID.
Access to your information can be limited to your basic info (name/mail/photo), and other info can be with explicit permission. At least it’s much easier for the user to approve a permission request than to enter login info.
The main reason behind signing you up is to identify you, not to get your information.
Some apps – although almost all of them are doing this for no good reason – need to know who you are, so unless the solution you provided has something that uniquely identifies you and authenticates who you really are – username/password or a key – it won’t work. And what if some of the apps contain sensitive data? I can easily make an app that collects your info and accesses it.
What I really think is, it depends on what services the app is providing and what kind of data it’s keeping.
Authentication is done on the mobile side; if you trust the mobile has authenticated you then you don’t need to worry about it. Getting your information is basically to customize the application experience based on your profile info (your photo and maybe location).
For sensitive-data applications of course they can have an independent secure scheme, maybe additional authentication, but that’s always a special case. How many apps do you have that require such a scheme!
So, I see that authentication is not the mobile app developer’s responsibility, it’s the responsibility of the mobile OS; it authenticates you once and keeps authenticating on your behalf in all applications.
I think it’s a good idea provided I can give explicit permissions for every little piece of information. I think a system like the autofill in web browsers would be more appropriate since it gives the same effect.
I do the same thing but I don’t do it just because it’s a hassle to type my email and password. I mostly do it because of private reasons.
Companies consider their databases as assets. When a company falls down and fails, they tend to sell this info to advertisement and insurance companies. Since most apps are provided by small companies that have a big chance of not succeeding as much, I wouldn’t want my information there.
If you’re interested in the security side of it, there is a professor at the University of Ottawa who does a lot of research on authentication by providing only the needed information, encrypted properly and securely. His name is Prof. Carlisle Adams.
Use Facebook SDK SSO