Pixamid Blog

The Dangers of Relying on Facebook

I wanted to share a short post-mortem on our recent Facebook difficulties.

Our app Pixamid is heavily reliant on Facebook - so much so that unless a user logs in with Facebook, the app is almost useless (it will still take photos and save them to the iPhone, but no magic whatsoever).

We knew that by only supporting Facebook identities, we would lose some users. But the advantages for us (ease of implementing Facebook’s Single-Sign-on, the access to both a user’s social graph and a limitless photo store, and the nearly ubiquitous nature of Facebook) were huge, so we decided early on to start with Facebook-only.

We went ahead and built our app with this reliance. Users could only log in with Facebook, every photo that was taken was immediately uploaded to Facebook, and users could tag their Facebook friends to share photos only with them.

We launched quietly, and started building a small but happy user base. We heard great things from users, and lots of great ideas on how to improve Pixamid.

Then, disaster struck. Facebook deleted our Facebook app, which was used by the iPhone app to store uploaded photos. Our smart camera became dumb again - the app was completely broken.

We had received no warnings from Facebook, and tried desperately to get some answers. An ex-Google colleague of mine is now at Facebook, so I got in touch. He was responsive, and promised to look into it.

The answer I got was curious. He was told that we *had* been notified on some issues, so we re-searched all of our e-mails, but could find no communication. From there, I did not hear back on a request to get copies of these supposed communications, and our request to restore the app obviously went nowhere.

So we figured we did something that caused some users to complain, and we thought about what that could be. The most obvious (and only plausible) explanation was the photo upload process.

Pixamid uploads user photos to an album on Facebook which Pixamid creates. We set the privacy on this album to Private, so it is visible only to the user themselves. We retrieve these photos within the app to show the user, and we also retrieve them for friends you have chosen to share with.

The problem we identified: when we uploaded a photo, it generated a wall post on the user’s wall. This post had the same privacy as the album, meaning that only the user could see it. But of course, the user was not expecting the photo to be posted on their wall, and it is not easy to tell that it is private (even though we named the album “My Private Pixamid Album”). We surmise that a few users reported this behavior, and these reports were enough to trigger our account to be deleted automatically.

Once we realized this was the likely issue, we again looked into suppressing this wall post. Luckily, Facebook had introduced this ability at the end of March (we had missed that announcement), and within an hour, we had a new Facebook app, which was no longer posting to users’ walls on photo upload. Alas, this version had to be submitted to Apple, and we waited a week to get it approved.

Looking at things in retrospect, it’s hard to say if we would have done much differently (except of course implementing the wall post suppression as soon as it was available).

We could have built our own image hosting & accounts from the start, which would have freed us from complete reliance on Facebook. But that was not our vision - we want to offer great sharing & organization of photos, but within and supporting any image store a user already has. And with our limited resources, this would have meant a whole lot more work.

Facebook is huge, and has to police over a million developers. We all know of apps that are highly abusive, spammy, or outright evil. Facebook has to have some automated means to detect and deal with these abusive apps. But the lack of any transparency is something that Facebook must fix - developers that are trying to do the right thing need to be informed properly of complaints. Deactivating apps without warning, and with no recourse, will seriously hinder Facebook’s ecosystem growth amongst “real developers,” leaving just the scammers and spammers.

So my advice to any real developer planning on relying only on Facebook identity: think hard on this, make sure it is the best option. If you can do it, give the user the option to not use Facebook (either some other service, or creating their own account).
And if you do only use Facebook, make a plan for the worst case. Having an iPhone app hard-coded to a specific FB app is a recipe for an unexpected 1-week hiatus.

