How Facebook should redesign its third-party login design

To prevent users from handing sensitive data to third-party app developers on the Facebook platform

The Controversy

Read this if you are not up to date with recent developments in the Facebook controversy; otherwise, jump to the next paragraph.

These are bad days inside Facebook. Most people already know about the massive data breach in which data passed from Facebook to the data-analytics company Cambridge Analytica, which illegally purchased the data of nearly 87 million Facebook users from an individual named Aleksandr Kogan. That data included private things such as users’ messages and photos. And the best part is that this was not a hack or anything like it. Aleksandr Kogan built a Facebook app and asked users for all kinds of permissions when they signed up for that app, built on the Facebook platform. Users granted those permissions, and the developer got access to a massive amount of Facebook user data. He stored that data in his database and later sold it to Cambridge Analytica for $800,000. Selling the data is illegal according to Facebook’s privacy policy, and Mark Zuckerberg keeps claiming that they asked Cambridge Analytica to delete all the data and that he “thought” this was a closed case. But eventually that data was used for campaigning in America’s election and to manipulate the election result, which surely is not a good thing for a country like America.

Now, if we get to the bottom of the issue, we clearly see that it was Facebook that granted access to users’ data, and the individual used that data inappropriately. But the question remains the same. Why didn’t Facebook take solid action against this massive data breach? Why didn’t they monitor that 84 million users’ sensitive data was being transferred to a third-party developer? Mark Zuckerberg keeps saying that all the data was accessed with users’ consent. They supplied the data because users granted permission to do so. And that’s true. Users granted access to that data.

And here comes the biggest user experience issue. Can you remember the last app you logged in to with Facebook? If you can, can you tell me what permissions you were asked for, and which you granted and which you did not? If you can remember, then you are safe, and congratulations: you belong to the less than 1% of users who don’t take personal security for granted. But most people don’t even care. When logging in with Facebook, they grant every permission they are asked for. They just click a gorgeous blue Continue button and use the app. They don’t bother to read what’s written in the permission list. But when data leaks happen, everyone becomes very touchy about it. No, I am not making any allegation against users. Rather, I am suggesting changes to the user experience of Facebook’s third-party login procedure (in developer terms, OAuth login).

Facebook OAuth Login

So, I am taking Pinterest as an example. Pinterest is a famous photo-pinning app used by more than 100 million users worldwide. It offers a variety of login options, and one of them is Facebook login, which I believe is the most-used login procedure.