May 19, 2011 | 8 Comments

New Twitter Permissions Hits Mobile Developers Where It Hurts

Wednesday Twitter announced they would be changing the way 3rd party users grant permissions. Twitter stated “users and developers have requested greater granularity for
permission levels.”

Another hit for developers?

Unfortunately, this is another hit for 3rd party developers, particularly mobile. In laymen’s terms what Twitter is asking mobile developers to do is move over from an authentication system that just required a username and password (XAuth, and the password was never given to the 3rd party developers to store) to a more convoluted system that requires a pin to be entered, and and an authorization screen to be accepted.

A developer on the Twitter Google Group Forum may have put it best:

“Hi Matt,

Thanks for your feedback. I think the following paragraph can’t be
generalized, though:

Question: Why will you not grandfather existing applications into DM access?
Matt Harris’ Answer: “Grandfathering all existing read/write tokens assumes they all wanted
access to DMs. The feedback we’ve had from users and developers tells
us otherwise. We want to give users the opportunity to make an informed choice.”

I can assure you that if I am asking any of my 100.000′s users that
they would disagree with that statement. They all explicitly want to
access DMs in my Symbian based Twitter client. They actually EXPECT to
have access to direct messages.

A Twitter client without access to Direct Messages is not a Twitter
client. Wouldn’t you agree?

I would urge you to rethink this decision – or let us know in all
honesty why you were imposing this bad UX on third party clients only.

If there was a proper way of doing the Web OAuth flow on the Symbian
platform, things would be a bit different (although not much.)

But now, the best option for me is to setup an intermediate server for
the OAuth flow – effectively giving me access to the users’ OAuth
credentials. Something, that I didn’t have access to before.
Something, that I didn’t WANT to have access to from the beginning.

This doesn’t seem like an improvement of privacy for my users at
least.

Please, please find a better solution for this. There are many options
that won’t break third party clients – clients which cannot go through
the web Oauth flow, clients that have a wonderful user base
contributing to the Twitter “experience” with a lot of great Tweets.

Cheers,
Ole ( @janole / @gravityapp )”

Mobile apps may not be able to do it in time:

Especially iphone / ipad applications whose users rely on the DM feature to function, it could take 4 to 6 weeks to get approval for the changes. This means that a lot of mobile apps may have a useful feed displaying an error message. Originally Twitter announced an “end of the month” deadline for the change, but late last night changed it to be June 14th.

Twitter’s own apps are NOT adhering to the same level of privacy:

Matt Harris of Twitter’s API department says in response to “ Will Twitter’s own applications also go through the OAuth web flow?”

“We’re taking this step to give more clarity and control to users about
the access a third-party application has to their account. The way
users interact with Twitter’s clients is not expected to change.”

The wrong message

The public is getting the wrong idea. A recent Mashable article framed this as a very positive move for Twitter, and one look at the comments immediately shows how people simply aren’t understanding the motivation. Comments like this do nothing for the image of developers:

” I had no idea they could do this to begin with. This is pretty eye-opening. I feel violated and I don’t even know if third party apps have actually accessed my DMs. lol”

Third party apps are not in the business of trying to steal your information, least of all DMs which is arguably the most spammy part of the Twitter experience. Instead, developers are trying to streamline the UX so that people set themselves up easily and quickly. Who wants to do 3 steps when it can be done in one?

Have your say

Are you a Twitter user who is really happy about this recent change, or are you a developer coping with the hit? Let your thoughts be known by commenting!

Tags: 3rd party developers, featured, mobile twitter apps, new permissions, twitter

Author:Tammy Kahn Fennell

Tammy is the editor of this fine blog, and the CEO of MarketMeSuite, the premium Social Media Inbox for Small Businesses. Go on, you can even use it for free! You can follow Tammy on Twitter @Tammykfennell.

View all posts by Tammy Kahn Fennell →

Subscribe to our e-mail newsletter to receive updates.

← Targeting A Message: Homeschoolers and Social Media

An Open Letter To Twitter From A 3rd Party Developer →

Anonymous

A twitter client without direct message feeds is not a very good twitter client at all.
http://twitter.com/LautaroAlberto LautaroAlberto

Sadly, if I look for the motivation of this movement, I’d say it’s a little bit of “Mac’s supremacy attitude” and the recent Skype movement to prevent 3rd. party apps from using their services.

Taking the wrong path they seem to THINK that by separating from the rest they will become stronger, when the truth is 3rd. party apps are an integral part of the whole production engine.

Cut DMs from 3rd. party apps and you will see lots of ppl feeling unhappy about their twitter accounts cause of the lack of “awesome features” that they could use in their prefered 3rd party apps, but now left behind cause of an impositive and restrictive measure that only obbeys to Twitter’s own ego tryin to gain room for their own apps.

Nothing good can come out of this, all in all, I really doubt this is an improvement indeed.

P.S: What a HORRIBLE MESSAGE TO READ from an end user’s point of view, so now all the developers are hackers tryin’ to reach what’s not supposed to be touched? I’d go further and say that twitter owes developers an apology for that lowhit.

BR. @LautaroAlberto:twitter
http://twitter.com/NateHill Nate Hill

I’m not a developer so I don’t know how this affecting people that depend on twitter. It would have been nice had Twitter made more of an effort to separate twitter clients from programs that allow users to use their twitter accounts.

And I think the latter is what this change is about. Not all twitter apps need access to DMs (e.g., TwitPic). And people are increasing using their twitter accounts for accessing and signing in to other programs (e.g., commenting systems like Disqus).

I hadn’t really thought about a company like TwitPic or Disqus having access to my personal messages until I read this article. However if they did have access then obviously I want that to stop.
- http://www.facebook.com/tammykahnfennell Tammy Kahn Fennell
  
  Nate you make a great point, but, It should really be for “new users.” Any client style app has users who expressly know that DM is a part of it – that’s a part of being a client. I think the main issue is that Twitter has given a time frame that is not possible to adhere to for most mobile developers – initially it was 12 days. I am hard pressed to believe that the security measure was so necessary that hundreds if not thousands of apps need to upset their users. For a change like this, at least 3 months would be the right thing to do, in my opinion.
  - http://twitter.com/LautaroAlberto LautaroAlberto
    
    Let’s just not forget about what’s at stake here Nate and Tammy.
    
    In one hand we have end users that make use of 3rd. party apps to manage their communication flow along the day. Make it hootsuite, make it tweetdeck or any other device.
    
    Without access to the DMs users wouldn’t be able to even send or recieve private messages, because that’s what this is about.
    
    It’s not like Tammy is tryin to have access to my DMs cause Im that interesting, it’s because of the functionality and how practical it is for end users like you and me to be able to send, receive and read those DMs from my favorite app.
    
    I know it’s not a permanent situation, but still!… Why was it necesary to make this change when Twitter it self didn’t do so?!?!?!, where is the truth in that?
    
    Im not a dev, but i can imagen what is it gonna be to have a function-less wall in my android device, and no, im not switching to twitter’s app, not cause i have something against it, but because i love the freedom to do what i want, that tweetdeck provides me. (Im still waiting for MarketMeSuite mobile app and I will be able to die happy, so hurry up Tammy )
    - http://www.facebook.com/tammykahnfennell Tammy Kahn Fennell
      
      I promise, we will get you your MMS mobile! A few months away yet but working on it!
Pingback: An Open Letter To Twitter From A 3rd Party Developer – We Are Social People
Pingback: Obama is Dead? Fox News Twitter Account Hacked #obamadead