May 6, 2020.
“It was 8 pm, I had just finished work for the day and was about to order dinner from one of my favourite places when the app I use for that simply wouldn’t launch. It crashed on launch every single time.”
Such was the predicament of millions of users of popular iOS apps such as Spotify, TikTok, Pinterest, Tinder, Bumble, Soundcloud and even Google, to name a few. When the technical analysis in the aftermath was followed up, the cause turned out to be Facebook’s SDK (software development kit), and the issue affected iPhone users worldwide.
The issue first came to light at around 06:30pm ET, when several of these oft-used apps started crashing. The crashes sent iPhone users into a tizzy and many angry users took to social media platforms to vent their ire at the sudden occurrence of this inexplicable inconvenience.
Soon after, many iOS developers also reported their problems and opened an issue on GitHub regarding the same. The issue impacted not only those users who had logged into these apps using Facebook, but also those who hadn’t – including the tiny percentage who didn’t even have a Facebook account!
The problem erupted because Facebook disabled a server configuration update that triggered its SDK to cause apps using it to crash. The SDK is actually offered as a convenience for both developers and marketing teams. It can also be used to collect rich data for analysis from users and companies which are intertwined within its formidable reach. The SDK is also used to track the conversions of ads run through Facebook.
Simply put, the crash arose because the server side sent some bad data to the SDK, which caused code in the SDK to crash, consequently bringing down the app that was running it. All of this occurred during the initialization of the SDK, which takes place right after the app is launched, so the apps simply became unusable. Relative to its enormous impact, the issue itself was quite small. The SDK was expecting a reply in a specific format, which the server side did not provide. The SDK calls Facebook servers every time the user launches the app, and where a library of results was to be retrieved, an entirely different format was returned, causing a cascading series of failures for any app that used it.
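A defensive way to handle a reply of the wrong shape during initialization, as an added example in Swift that is not Facebook's SDK code and not from the original article. The type names, JSON keys and sample replies are hypothetical.

```swift
import Foundation

// Hypothetical settings an SDK might fetch at launch; names are illustrative only.
struct RemoteSettings {
    var loggingEnabled: Bool
    var featureFlags: [String: Bool]
    // Safe defaults used whenever the server reply cannot be trusted.
    static let defaults = RemoteSettings(loggingEnabled: false, featureFlags: [:])
}

enum SettingsError: Error {
    case notJSON
    case wrongTopLevelType
    case wrongFieldType(String)
}

// Check the shape of every field before use instead of force-casting.
func parseSettings(_ data: Data) throws -> RemoteSettings {
    guard let json = try? JSONSerialization.jsonObject(with: data, options: [.allowFragments]) else {
        throw SettingsError.notJSON
    }
    guard let root = json as? [String: Any] else {
        throw SettingsError.wrongTopLevelType
    }
    guard let logging = root["logging_enabled"] as? Bool else {
        throw SettingsError.wrongFieldType("logging_enabled")
    }
    guard let flags = root["feature_flags"] as? [String: Bool] else {
        throw SettingsError.wrongFieldType("feature_flags")
    }
    return RemoteSettings(loggingEnabled: logging, featureFlags: flags)
}

// Initialization never propagates a failure to the host app: bad data degrades to defaults.
func loadSettings(from data: Data) -> RemoteSettings {
    do {
        return try parseSettings(data)
    } catch {
        print("remote settings rejected (\(error)); using defaults")
        return .defaults
    }
}

// Constructed sample replies: one well-formed, two with an unexpected shape.
let good = Data(#"{"logging_enabled": true, "feature_flags": {"new_ui": false}}"#.utf8)
let flagsAsBool = Data(#"{"logging_enabled": true, "feature_flags": false}"#.utf8)
let topLevelBool = Data("true".utf8)
for reply in [good, flagsAsBool, topLevelBool] {
    print(loadSettings(from: reply))
}
```

The two malformed replies are rejected by the type checks and the caller receives the defaults, so the host app keeps launching with the SDK's remote features switched off.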
To their credit, Facebook, after getting wind of the bug, quickly moved to resolve the issue. In an official statement, as reported by the popular technology news website The Verge, a spokesperson from the company said that although the fix was implemented within the hour, it took more than a couple of hours to roll out to the affected user base.
Facebook Bug: Colossal Damage
The problem has brought to light the scope of the world’s largest social media platform and how even its minor issues can have seismic effects, affecting almost everyone throughout the mobile software industry. It has caused critical issues, such as the usage of third-party apps and privacy concerns, to surface. It has also offered a glimpse of how deeply entrenched we are in Facebook’s ecosystem and how many roads lead back to it.
One step that could be taken to combat it is implementing Facebook login without using their SDK, so that only people who log in using that method will get their data processed by Facebook. Some developers have also come up with creative workarounds such as using Pi-hole to block apps from accessing the domain facebook.com itself. Another solution would be some form of sandboxing that isolates this type of SDK from the main app code. Apple’s operating systems already have and use XPC extensively – and iOS supports extensions – but iOS still doesn’t expose such functionality to developers.
The incident should also raise questions for the marketing and analytics teams of any company that prioritizes the collection of data for extensive analysis over consulting developers and engineers first. Such top-down decisions cause a lot of lament among developers, many of whom are pushed to incorporate the SDK purely for ease of communication between teams and access to features, while ceding other important factors.
Even though it remains to be seen what the way forward will be, based on the current scenario it would be advisable, and in our best interests, that the solution be more technical. Let’s see how developers incorporate these changes in the future.