With the new Facebook Login we introduced last year, it's easier for people to control the information they share with your app. The new Login gives people the option to opt out of the permissions apps request — so it's important to build a Login experience that works well for people no matter what permissions they grant or decline.
We tested more than 5,000 apps to see how people experience the new Facebook Login and to identify common errors within apps that may cause suboptimal experiences for people. When we logged into apps and de-selected permissions, such as email address or birthday, we saw a few common scenarios across all the apps we tested. Below are a few of those scenarios, along with tips on how to build and design your Login experience to gracefully handle declined permissions.
1) Error Messages: If people choose to decline a permission, they should be able to log in and experience your app without seeing an error message. Errors leave people with a negative impression, especially errors that are unclear or do not give people an option to move forward.
2) Silent Errors: Other common errors include showing a perpetual loading screen, or returning the person to the login screen in a continuous loop. This usually happens when an app is designed to move forward after it receives a permission, but cannot move forward since that permission was not granted.
To avoid these scenarios, it's important to think about what happens in your app when a person declines a permission. Below are strategies for how to handle declined permissions, using an example app called Flick Finder. This app helps people find movies they enjoy and notifies them when those movies are playing in nearby theaters.
1) Continue on without the information: Let the person continue in your app without an error message. Error messages that lock people out of an app discourage sign ups and you lose a new user. You can always request the information after a person becomes more familiar with the app experience.
2) Explain why you need the information and re-prompt: People may decline a permission because they don't understand why your app needs that information. In this case, your app could display a dialog explaining why you need the information and how it'll be used to enhance the experience. For example, the message below might appear when a person has declined the email permission. The “Add Email” button takes the person back to the Facebook Login dialog where they can grant the permission.
3) Collect the information yourself: In this example, Flick Finder wants to collect a person's birthday so it can recommend age-appropriate movies. If a person has declined to share their birthday when they logged in, Flick Finder can still create a place to collect the information inside the app, separate from the Facebook Login flow. We recommend doing this after a person has had some time to familiarize themselves with your app, so they have a better understanding of how the permission will improve their experience.
As a reminder, from April 30th, 2015, we'll start upgrading all apps to Graph API v2.0 and the new Facebook Login. We recommend evaluating your app's Login experience now to ensure that people can continue to log in easily after April 30.
We look forward to sharing more best practices as we work with the developer community. For additional tips on onboarding people into your app, check out the talk from this year's F8, “Designing a Great Onboarding Experience” .