[zyb09]

It's not that bad. The only thing Google/FB/Twitter gets to know is that a user Y is using app X. Nothing more, and not detailed usage stats, just the basic fact.

For that they handle the complete user registration, recovery & auth process for you, with all the work and pain attached to it.

Granted if your OAuth provider were really evil, they could log into the users App X account and access whatever data he has inside the app, so you have decide if that a concern or not.

[zie]

Yes, but they get "only" that, but with it, they get, time/date of when you use the app(and perhaps how long, depending on how you/they handle logouts). Plus they get this for EVERY app that's used. You start aggregating this information and suddenly you can tell a LOT about a person. Plus this is all for ad dollars, FB/Google/etc can(will/do?) sell this information, to anyone willing to pay for it.

For a hello world app, no big. For a game app, what happens when your employer buys the data, and notices you are playing games on "company" time... Of course lots more privacy failures can be easily imagined here. I picked low privacy failures, but larger failures are very easy to imagine.. Especially when we know that most large governments also have this data, directly siphoned from Google/FB/etc.