MightySignal menu
Authentication SDKs in the Mobile Marketplace: What Happens When Digital Handshakes Break Down?

Authentication SDKs in the Mobile Marketplace: What Happens When Digital Handshakes Break Down?

A few weeks ago, on the morning of July 10, 2020, people around the world woke up to find a mysterious bug at their fingertips. Many of their iPhone apps—including major apps such as Spotify, TikTok, and Venmo—were crashing almost immediately after opening them.

The top 10 Apps with Facebook Login SDK installed, June 2020
The top 10 Apps with Facebook Login SDK installed, June 2020 (Source: MightySignal WebPortal)

These errors were traced back to an issue with the Facebook Login iOS SDK (software development kit). Among other things, third-party apps use the Facebook SDK for user authentication, and users who signed into these apps using their Facebook account were suddenly prevented from accessing the service.

Users quickly found a workaround for the bug by blocking the facebook.com domain in their DNS settings, and the issue was resolved in a matter of hours. Still, this wasn’t the first time such a bug has happened this year: a nearly identical Facebook SDK bug had caused many iPhone apps to crash back in May.

Authentication SDKs play a vital role in mobile apps by performing a “digital handshake” between devices and servers, but it’s only when they break down that their absence is sorely felt—both by developers and by end users. In this article, we’ll discuss the role of authentication SDKs in the mobile marketplace, and what happens when the digital handshake breaks down.

What's the Role of Authentication SDKs?

Mobile authentication SDKs provide a consistent interface between users and third-party servers. The steps of mobile authentication generally proceed as follows:

- The user provides existing login credentials to sign into a new third-party mobile app.

- The authentication SDK sends an authorization code confirming the user’s credentials to the third-party server.

- The server uses the SDK to trade the code for a user access token.

- Finally, the user receives the token and is able to log into the mobile app.

This process is sometimes known as the “digital handshake.”

According to our data, some of the most popular mobile authentication SDKs for iOS and Android include:

TopiOS-AuthSDKs_7-13-20.PNG
Top Authentication SDKs for iOS apps, June 2020 (Source: MightySignal)

Mobile authentication SDKs provide a valuable service for all parties. 
For end users, the greatest benefit is convenience: they can log in with their existing credentials, rather than having to remember a new username and password. Meanwhile, third-party apps can take advantage of existing authentication functionality without having to reinvent the wheel. Finally, the authentication SDK provider gains information about which apps their users are logging into, which helps them build a more complete picture of their user base.

What Happens When Digital Handshakes Break Down?

Apps that use authentication SDKs tend to cluster among the most popular options. According to our data, 40 percent of the top 200 iOS apps use the Facebook authentication SDK, while a whopping 91 percent of the top 200 Android apps use the Google Identity SDK for authentication.

Of course, as we’ve seen with the Facebook bug, this clustering also has its downsides when the “digital handshake” is suddenly refused, bringing down mobile apps through no fault of their own.

Digital handshakes can break down for multiple reasons. For example, the SDK may suddenly experience unexpected issues after upgrading to a new version. The SDK may also crash if there are changes to the server that the SDK interacts with, even if the SDK code itself doesn’t change.

To be fair, Facebook isn’t the only company to have problems with SDKs—nor are such problems exclusive to authentication SDKs. In April 2020, for example, the Google Maps SDK suddenly began crashing, bringing down mobile apps that relied on its digital handshake to provide location services. One app developer complained about the glitch’s extreme, sudden consequences: “We are ruined, the 1 stars and angry emails are unstoppable. Google, please do something about it.”

Because authentication SDKs control users’ access to mobile apps, potentially blocking them from logging in entirely, fixing the issue and reestablishing the digital handshake should be developers’ utmost priority when things go wrong.

How MightySignal Keeps Track of Authentication SDKs

Curious about how different mobile apps use authentication SDKs? You’re not alone—and MightySignal is here to help.

The MightySignal platform tracks the popularity of all authentication SDKs in the mobile marketplace, as well as the date(s) when each mobile app installed or uninstalled the SDK. MightySignal also provides a variety of mobile app and SDK intelligence for iOS and Android devices, including monetization, location, messaging, and more. Interested in peeling back the curtain? Contact us today to learn how MightySignal can help.

Try MightySignal Today!

Please provide your email.

Newsletters make you smarter.

Please provide your email.

Contact MightySignal

Please provide your name.
Please provide your surname.
Please provide your email.

Trusted by

  • Zendesk
  • Mixpanel
  • Amplitude

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.