Twitter today announced on its blog that it has implemented more control over the access third-party applications have to users’ profile information.
The update focused on two main areas of app permissions. The first gives users more control over the most private information on Twitter – direct messages. Apps that have access to your direct messages will have to ask for permission again. Any that don’t need that access will no longer have it, according to Twitter. The second now makes it very easy to understand what the app will be accessing when the user allows the connection to their account. For example, a list will appear to inform the user of the activities that will occur, such as reading your tweets, updating your profile or posting tweets on your behalf.
Not everyone is excited about Twitter’s changes, including John Gruber at Daring Fireball, who notes that another announcement on Twitter’s API forum will make all third-party apps use OAuth for authentication. Right now, many of these apps use xAuth, an authentication that simply asks the users for their username and password within the application and only needs to store a key. With OAuth, the user will be taken to an outside web browser for authentication and then be returned — something that Gruber thinks makes for a confusing and bad user experience.
A deeper look by Gruber suggests why Twitter may be making this change. The added layer of complexity may discourage people from using these third-party apps. Conveniently, Twitter’s own applications won’t make users go through the OAuth process, which may give them a slight edge on the competition.
Twitter has also responded to some of the developer criticism, saying that it will push back the enforcement date for these changes to June 14, two weeks after the initial date. As for whether this will make the experience worse for users, the company says:
“We’re taking this step to give more clarity and control to users about the access a third-party application has to their account. The way users interact with Twitter’s clients is not expected to change.”