New rules make life more difficult for third-party developers
In March, Twitter platform group head Ryan Sarver announced that the company wanted third-party developers to stop making Twitter clients, citing that a “consistent user experience is more crucial than ever,” despite Twitter’s own clients not offering a consistent user experience (even the iPad and iPhone versions have feature-disparity) and despite third parties being responsible for all kinds of Twitter innovations, including the first use of tweet and character counters.
Twitter now appears to be taking things a step further, changing the way it deals with third-party API access to direct messages. Although the company’s blog stated the aim was to give users more control over permissions, the upshot revealed on a developer group was that third-party clients would be lumbered with complex OAuth logins or DMs would cease to work.
Developers were further angered when it was revealed Twitter’s own clients wouldn’t be saddled with the complex login procedure. When Craig Hockenberry asked on Twitter if the same limitations would befall Twitter’s own client, Sarver stated: “Twitter apps are part of the 'service', not third-party apps asking for permission to access an account” [sic]. From this, it seems Twitter is surreptitiously wrecking the third-party client ecosystem in the manner of death by a thousand cuts, reducing the usability and appeal of said clients to draw people to its own.
Not long now
Developers also only have until June 14 to implement the changes, which not only include recoding but—in the case of iOS clients—getting through Apple’s sometimes lengthy review process. Ultimately, some clients simply won’t make the deadline, through no fault of their own.
Twitter’s argument that “grandfathering all existing read/write tokens assumes [users] all wanted access to DMs” seems particularly facile with regards to standalone iOS clients where the assumption would logically be that the user would want DM access.
The new demands placed on third-party clients are particularly ironic when considering Loren Brichter’s comments about OAuth in 2009: “OAuth will make you—the user—jump through these hoops so you don’t have to type your password into the client application directly, for your own security. Time to be frank: any security that OAuth claims—with respect to native applications—is an illusion.” Brichter’s third-party client Tweetie was of course used as the basis for the official Mac Twitter client, and Brichter has also worked on the official iOS client.
Developer Matt Gemmell jibed on Twitter: “Next up from Ryan Sarver: third-party Twitter clients must request auth tokens by mail, enclosing a prepaid envelope.” And he believes Twitter is making a mistake gradually grinding down developers: “There’s a huge intersection between developers and Twitter’s early adopters, who helped popularise the service," he told us.
"For a company who have been very slow to monetise, this latest change feels like a very short-sighted and simplistic ‘take my ball and go home’ move, which will alienate those who have helped Twitter build its business. Placing limitations on developers' opportunities for innovation tends to be the death knell of a platform.”
Twitter and Ryan Sarver did not respond to .net's request for comment.