How changes to Facebook’s app auth process affect developers

Along with other new privacy controls, Facebook today announced changes to the app permissions process that separate read and write permissions into different dialogs. The new flow gives users more control, but adds an extra step that could affect acceptance rates and change the type of access users grant apps.

Today’s changes do not affect how users install games on, but will apply to mobile apps and other sites using Facebook login. Now that apps will request read and write permissions separately, users have the option to log into an application and receive a personalized experience using their name, friend list and other aspects of their profile, but they can reject the app’s request to publish activity on their behalf.

Previously, users accepted these permissions in one step, which led some users to unknowingly authorize an app to post to their wall. When users better understand what an app can do, they are less likely to be taken by surprise and end up marking an app as spam. They will also be more likely to add more apps in the future. Without feeling like they have control over what they share, users might be hesitant to add any third-party apps. That said, the two-step process could also lead to lower install rates or lead fewer people to allow apps to share their activity.

In some cases, the app auth process may involve three steps. That’s because Facebook also distinguishes “manage” permissions from read and write. If an app wants to manage a user’s ads, events, notifications or other products, it will have to request this in a third dialog.

Developers will appreciate that the new dialogs are smaller and more lightweight, which makes them less likely to turn off users, and that some permissions have been combined. For example, apps used to have to request separate permissions for “publish_stream,” “publish_actions” and “publish_checkins.” Now an app can simply ask if it can publish to Facebook or not. “Basic info” has also been renamed to “public profile and friend list” to be more descriptive and transparent to users.

Facebook says all mobile and non-game web apps will be converted to the new auth flow automatically. No changes are required to a developer’s code.

Here’s a look at how the read and write permissions dialogs appear on different platforms:

Images from Facebook.