Social Login Data: Users Still Care About Their Privacy

Published in

About OAuth

6 min readSep 18, 2014

Last week, I published a post about Social Logins Myths: my point was to clarify a couple of misconceptions. A few hundreds of retweets later, I began to browse the feedback. One person legitimately criticised the lack of data in my article:

Well, it wasn’t the point to publish data, but I already had this second post in mind: 100% focused on the question of “Social Login” analytics, based on what we have, thanks to OAuth.io. So here it is.

If you’re looking for bold statements or magical solutions, then hit the road ☺ As usual, the reality is grey rather than black or white. Please don’t blame me for the world’s imperfections.

The State Of Social Login Analytics

The two leaders in Social Login analytics seem to be Gigya and Janrain. When searching for information in this field, you’re likely to end up reading one of their quarterly reports dedicated to this topic.

This kind of studies is excellent for PR, as it provides “figures,” a precious material that journalists love. They can then write about trends, and publish a few statements like “Facebook is beating Google,” “LinkedIn is far behind,” etc. I like to call these figures “PRon:” fun anagram isn’t it? When you dig a little bit into it, things are a bit different though.

For example, I found very amusing that there are some huge differences between concomitant publications, focusing on the very same topic.

Here’s a journalist reporting the results of two “Social Login Reports” from Q1 2014:

Yesterday’s social login report from Gigya showed that globally Facebook owned 53% of the overall social logins, beating Google+ by 25 percentage points.
A new study from Janrain paints a bleaker picture for Facebook with at 42% share, up only 4 percentage points over “Google.”

Wow, a double digit variation, that is staggering. This caused some hilarious post-scripts in reaction to the article, where both companies explain that the differences come from the fact that they are the best. I might be slightly exaggerating. Not.

The difference is really probably a result of a better / larger enterprise and international set of data with Janrain compared to Gigya

#LOL

Whatever, the truth simply is that their studies represent their customers, who themselves don’t represent everybody in the world. I would never use their reports as a benchmark, but the imprecision of the data is only a small part of the problem.

Who’s the most popular Social Login? Well, I don’t care.

The data itself is not actionable. It might lead to a nice tweet, but it won’t help any serious Product Manager. Knowing that Facebook or Google is more popular can’t drive our decisions.

What we want to know about is the conversion rates, and the eventual differences from one provider to the other. When the user clicks and that the pop up window appears, what are the proportions of OK VS Cancel? That’s interesting.

By the way, if Janrain and Gigya were sharing this kind of data, it would help to choose the right vendor. But just like email service providers don’t communicate about the average open rates of their clients, the public usually won’t get this precious insight.

However, I’ll share some of the data that we have at OAuth.io. Don’t forget that one pitfall remains: this data is relative to our user base (I’ll get back to this later with an example).

So here’s what we have:

Not familiar with the logo next to Google+? This is VK.com, the Russian version of Facebook, and quite a few of our users come from this region (most of them are in California though…). Interestingly, the acceptance rate is almost equal to its American alter ego. Funny isn’t it?

The winner is Google+ and Facebook is very close behind. This probably explains why a website such as Stackoverflow proposes Google+ first and… Facebook in second.

I’m taking this example because you could have thought that Github was a good option for them, since they target developers. Apparently, it’s not.

Off topic but interesting: see the “More sign up options” at the bottom? It’s a great way to offer more choice without confusing the user (7 other options are proposed, but still no Github).

LinkedIn is far behind, with 65% of acceptance, which maybe reflects the fact that it represents only 2,4% of the overall social logins. People are just not used to it. Google is perceived as a trustful identity provider, while LinkedIn remains the “professional social network.”

Again, the context remains key. For example, LinkedIn’s social login might be more relevant if your app is an event networking service: features matter.

Our data versus the other’s data

My Permissions is a great service to explore which apps have access to your resources (they just launched a new tool last week). They were kind enough to share some of their data about Facebook Connect Logins conversions:

As you can see, there is a 16% difference when looking at the accepted logins with Facebook. We identified two factors that could explain this:

1- MyPermissions’ data comes from well established apps, who tend to ask for more permissions… which in fact lead to more refusals.

2- A lot of developers relying on OAuth.io don’t simply use the Social Login for its own sake, but rely on the permissions granted to deliver a particular service. As the access to the features depends on the approval, conversion rates are higher, because the users have a clear reason to click yes.

This leads us to another kind of actionable data…

Scope Optimisation: Which permissions get refused?

This data is very useful for product design: if your product relies on certain sensitive permissions, it’s important to know about the average drop in terms of acceptance.

Here are a few examples illustrating how cautious the people are. You should read these figures like this: “among the token requests processed by OAuth.io, if this particular permission was asked, then XX% accepted / refused:”

This could be a surprise if you thought that people no longer cared about their privacy, but guess what? They still do! Meanwhile, a permission such as “sharing your photos” is easy to get:

This might be due to an “Instagram effect:” people tend to post private moments publicly… But then, why don’t we see a “Foursquare effect” for the geolocation? Well, maybe because this latter is less popular ☺

Bottom line: Make sure that you get actionable Social Login Analytics

We ourselves added this kind of analytics reports in June, as many users had expressed their interest in such a feature. The important is to be able to monitor the conversions, and compare based on the scope variations.

Other OAuth / Social Login vendors probably provide this data, but if so, they don’t communicate about it.

Always stay cautious when you read reports who present their data as an authority.