Monday, August 07, 2017

Now that the User Downloaded Your Shiny New App, You'll See Him/Her Churn Because You're Asking for Email and Password

One of the most frustrating things in building a new consumer app today for iOS and Android is the user churn you get in trying to get users to sign up or log in.

The app format is already circuitous: you have to get users to both download and then open your app. Just that open step loses 10-20% of users, who forget that they installed your app in the first place. But then you have to make them create an account with a username and password, where you lose another 40-60% of users who don't want to make up and remember a new secure password, or won't complete the email verification. You could offer logins with Facebook or Google, which lowers churn to the 20-40% range, but then you'll have to get and keep refreshing OAuth tokens and may still have to make users create their own separate password later. Even for apps that mirror a web presence where users have already created a password, you'll lose 10-30% of users who can't be bothered trying to remember it.

When developers see these sharp dropoffs in their signup and login funnels, the obvious reaction is to want to build a "logged-out experience" which lets users see some of the content in the app, but then requires them to sign up or log in if they want to create or interact. This is a seductive idea, and you will get more logged-out users exploring your app, but they are less likely to see value in the app because of the limited feature set, and to graduate to fully engaged users they still have to climb over that wall. The danger of logged-out usage cannibalizing logged-in usage is real.

Why are logins still a problem? It's 2017! Well, security and privacy are hard. Apps are sandboxed and can't get access to a stable unique ID that could serve as a proxy for identity (the iOS IDFA and Android Advertiser ID come close, but can be changed by the user). You can't just have the OS autofill email addresses and autogenerate passwords because then every app would want to capture your email address. (Although a variant of this, in which Android and iOS create proxy email addresses and offer an OS-level password manager, could be the closest we can come to an elegant solution.) Android password managers offer their own keyboard that can autofill credentials, but realistically, only nerds like me use password managers. Any simple-to-use solution has to be much more fine-grained: for example, for the case where you downloaded an app for a website you've already logged into, Apple offers associated domains that let apps access Safari autofill credentials. But this is only for people who use iOS, browse the web in Safari (not Chrome), have entered their password for the associated site on mobile web or their desktop Mac, and use apps whose developer went to the trouble of setting up associated domains. That's a small set of users.

Signups and logins in mobile apps will continue to be painful for the foreseeable future.
