If it feels like the software world is held together by string and a prayer, we don't blame you: Facebook SDK snafu breaks top iOS apps

Update used wrong data type, causing Tinder to Spotify to fall over

Got Tips? 14 Reg comments
Facebook logo surrounded by thumbs down

A change in the Facebook SDK backend managed to crash many popular iOS apps that integrated the code library, used for implementing various Facebook services.

Around 1330 PDT on Wednesday, software developers were stumped when their applications mysteriously crashed after being launched by users. Among those affected were Bumble, Doordash, Duolingo, Google, Pinterest, Soundcloud, Spotify, TikTok, Tinder, Venmo, The Walmart App, and others.

App makers can add the Facebook SDK to their apps to use Facebook's Login system as a single sign-on provider, to access its analytics service, to get social graph data associated with the app user, to implement deep linking to content within the app, and to utilize Facebook mobile ads.

collapse

How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

READ MORE

But third-party code magnifies the chance of bugs. Developers tend not to fully understand third-party libraries and tend not to pay much attention to flawed code there until it's too late.

Also, platform owners may decide they no longer want to allow certain functions for privacy or security reasons, as Apple has done, which may require developers to remove offending libraries on short notice.

The scope of the issue isn't entirely clear but it looks to have caused many thousands of crashes. A few hours later, Facebook fixed the issue and apologized.

"Yesterday, a new release of Facebook included a change that triggered crashes for some users in some apps using the Facebook iOS SDK," a company spokesperson said in an email to The Register, echoing the wording in the GitHub Issues post announcing the bug's resolution. "We identified the issue quickly and resolved it. We apologize for any inconvenience."

Facebook did not respond to a request to clarify the source of the snafu, though a developer participating in a GitHub discussion of the issue attributed it to a data type mismatch:

It appears the cause is this configuration the Facebook SDK is receiving from the mothership for restrictiveParams:
"restrictive_data_filter_params" = "{"is_health_app":false}";
The value is expected to be a dictionary, not a BOOL.

Another developer echoed that diagnosis.

What made the incident particularly galling to developers is that attempts to disable the SDK by commenting out the setup code didn't work because Facebook's library uses a method called +load to ensure that the runtime initializes the framework.

A more developer-friendly design would allow the SDK to be loaded when needed – lazy loading – rather than up front in all cases. Facebook, however, would get less data in this scenario.

A more privacy-friendly design would allow those using apps that insist on integrating Facebook technology to disable parts or all of its SDK – just because you want to use an app like Duolingo doesn't mean you want to have anything to do with Facebook. ®

Sponsored: Webcast: Simplify data protection on AWS

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020