[cpv]

My 0.2$, a previous comment of mine https://news.ycombinator.com/item?id=22180163

"Some chat apps (like Viber and others) have Facebook SDK integrated in them, without any direct Facebook functionality people would use. Discovered after using NetgGuard, and seeing who is calling home, and not only home. (Why viber is making requests to graph.facebook.com anyway?)

Duolingo is a nice app for learning new languages, yet it might be using the same sdk, since it likes to call facebook.com domain.

Netflix is a good streaming service, but it has some option somewhere, which allows them to share data with others, and enabled by default. And yes, it's present in fb activity.

The list can go on...

There are developers who integrate dozens of SDKs, without any specific purpose for users, and not knowing what is happening. We need something like PrivacyBadger/ublockorigin for phones/laptops/routers/homes/cars. It's getting more than creepy.

And why would Facebook allow third-parties/businesses upload into FB info they have on their customers...

PS: analysis of how a simple menstrual tracking app is leaking data about the owner https://media.ccc.de/v/36c3-10693-no_body_s_business_but_min... "

[jonas21]

You can't really blame developers for this. Most aren't integrating SDKs for no reason at all -- they're integrating them because users are asking for a feature the SDK provides.

For one app I worked on, we made a decision not to include Facebook or Google login and only support email/password login, specifically to avoid leaking information.

A subset of users was not pleased at all -- and they sure let us know about it. Maybe around a third of our support requests were asking for third-party sign-in. People often made privacy arguments in support of it: they'd say "why do I have to give you my email address to create an account?" (though usually much less politely). And they kind of had a point. You may trust yourself more than you trust Facebook, but most people are going to trust Facebook more than they trust [random developer].

Anyway, it takes a lot of effort to deal with these support requests, it sucks getting yelled at (even in text). Some of these users probably went on to give the app a 1-star rating, and just a small percentage of those will really drag down your overall score. Dealing with this was not fun. It would have been much easier to just add FB or Google login.

[JohnFen]

> You can't really blame developers for this.

Sure I can. And I do. Developers are making these choices, after all. I understand the economic drive behind them, but that doesn't get the devs off the hook.

[jonas21]

My point is that some users want Facebook or Google login and get mad if you don't have it. Other users don't want them and get mad if you do. Because you have to decide whether to include the SDK when you build the app, it's impossible to make both groups happy at the same time.

[JohnFen]

It's not impossible, it just requires more development effort. Just because the SDK is present doesn't mean it always has to be used.

[cpv]

To be honest, Fb login is one of the least reasons I worry.

I have seen apps sending requests to facebook graph without using the login, or they don't have facebook login at all..

I haven't rated any apps based on this, though.