This story is part of a group of stories called
Uncovering and explaining how our digital world is changing — and changing us.
Do you pay for news online? The news industry thanks you for your business. Want to read that publication on your phone without having to log in over and over again? You’re mostly out of luck.
Each time you try to access a story, say, from a subscription site like the New York Times that you found as a link on your Facebook News Feed, you’ll probably be asked to log in again. That task gets very old very quickly — especially if you, like many Americans, get a lot of your news through social media.
It might seem like the problem lies with publishers — I pay you good money, dammit, Wall Street Journal! — but in reality, they have little control. Instead, on the most basic level, the apps where you find those stories (Facebook, Twitter, LinkedIn, among others) are largely responsible. That’s because they require you to read most publications’ content within their apps, which don’t communicate with the publications’ websites — forcing you to log in again and again.
Still, the problem is complicated and involves numerous stakeholders with competing interests. Beyond app makers trying to keep you in their apps, other factors like privacy concerns, advertising, and the fragmented ways in which we read news also contribute to why it’s so annoying to read paywalled stories on your phone.
Most readers get to news stories via sources like Facebook, Twitter, LinkedIn, Google, newsletters, and email, which don’t involve going to a publisher’s website or app where it can more easily figure out if you’re a subscriber.
If you click a website link in an app like Twitter, you’re not actually going to the web. You’re going to a pared-down version of a web browser that’s housed within the app and which lets the app maker control — and monitor — your experience. For the most part, your login info doesn’t pass between the app and your main web browser, so you have to log in to each separately.
“Each one of these apps on your phone has its own browser, which is its own self-contained login environment. And each of these environments have varying levels of ability to retain login information, which we have no control over,” Michael Luo, editor of the New Yorker’s website, told Recode. “This means you may be prompted to log in again after clicking on a Twitter link, even though you might have just logged in after reading us from Google.”
“It’s definitely less than ideal for subscription-based publications trying to ensure a smooth user experience.”
In the current system, for example, in order for a New York Times subscriber to be able click on Facebook to access a New York Times article, Facebook would need to be able to see that the reader is logged in to the paper on their regular browser. But since Facebook opts not to use a regular browser and therefore doesn’t share the same store of local user data as the browser, that information is unavailable to it.
A user would have to log in again on the in-app browser, which retains their information until those cookies expire. Those cookies, however, often expire more quickly because they aren’t used — and updated — as frequently as those on your regular browser.
“I can understand why these app companies want to keep people in their apps as much as possible,” said Luo. “But it’s definitely less than ideal for subscription-based publications trying to ensure a smooth user experience.”
The situation varies app to app and browser to browser. It’s also getting more complicated as Apple’s iOS and Google’s Android have upped their security levels, which generally restricts the dispersal of information.
“These companies are trying to build an ecosystem that meets the needs of so many different stakeholders: businesses, users, and themselves,” Mada Seghete, co-founder of Branch, a company that’s trying to fix login problems, told Recode. “These don’t always play together nicely, and the mobile web is a prime example.”
“For security concerns, apps should not be able to look at other apps’ data, which has created the silos that cause the mobile web to be fragmented from one app to the next,” she said. “This ultimately hurts the user experience where they have to log in five-plus times on the same device to get a consistent experience.”
App makers say they use in-app browsers for better user experience and privacy
App makers could choose to let you go to the real mobile web when you click on a link, but they largely don’t — especially if they are ad-funded platforms.
“Think what happens when you finish reading that article: You close it and you’re back in the Twitter app.”
A Facebook spokesperson gave two reasons for using the in-app browser within the Facebook app as opposed to letting readers go to the actual website or app they’re clicking on:
Those things may be true, but neither are the primary motive: The apps where you access news have a vested interest in keeping you on their platforms. The more time you spend in Facebook or Twitter, for example, the more money advertisers are willing to hand Facebook or Twitter in order to get their ads in front of you. When you click a Twitter link to read a Wall Street Journal article but then choose to read that article in Safari, that’s bad for Twitter. You’re not only spending less time within the app’s ecosystem, but the likelihood you won’t return to Twitter goes up significantly.
“Think what happens when you finish reading that article: You close it and you’re back in the Twitter app,” said Ramin Beheshti, chief product and technology officer at Dow Jones, parent company of the Wall Street Journal. “If you go to Safari or Chrome, they’ve lost you.”
Most importantly, while you’re in their app ecosystem, app makers can more fully track your behavior than when you’re on a browser. We’re only now just beginning to understand what our data is worth.
A Twitter representative said it uses in-app browsers for privacy and security reasons on the publisher’s side. Still, every second longer you spend on Twitter is money in the bank for the company.
“When [time spent] is your metric, that can really be difficult to sort of look at it and say, ‘We want to make other choices that end up in people spending less time in the app,” Ellen Shapiro, a longtime iOS and Android developer, told Recode. “That’s something anathema to them.”
“The financial incentive for bad actors to do shady things is pretty high.”
The situation is getting worse as browsers try to tighten up their security and give users more awareness of when their data is being shared.
“You should have your privacy. That same privacy also prevents us from seeing you’re logged in,” Dow Jones’ Beheshti said. “I think there’s a trade-off at the moment between privacy and amazing UI.”
Platforms are opting for other login mechanisms that benefit them
Google and Apple, which control the app stores where we download Facebook, Twitter, and other apps, could potentially ban in-app browsers. They haven’t done so.
Google declined to comment on the record. Apple did not respond to numerous requests for comment on this article.
Depending on the publisher, developer, platform, or app maker, reasons for retaining in-app browsers varied. Some said Google and Apple are overlooking inconvenient in-app browsers as a way to accommodate popular app makers. Others said the in-app experience was actually better for users.
It comes down to a matter of, “what solution works best for most people,” Shapiro said. “Do you know if 90 percent of users want to leave Facebook and do something else, or do 90 percent want to look at an adorable cat video then go back to pictures of their friends’ children?”
Publicly, both Google and Apple have touted their privacy bona fides recently — but there’s often a fundamental impasse between privacy and convenience.
At its developer conference this month, Apple announced an option to sign into apps with Apple authentication, which it said would share less information with the apps than its competitors Google and Facebook, which have long let users sign up for and log in to new sites and apps using their saved Google and Facebook login credentials. While some publications offer these third-party logins, that doesn’t change the in-app browser login situation. You’ll still have to log in again at each stage and every time the cookies for these logins expire.
“There is a point at which you have to balance the security side of things with the way that the convenience stuff is going,” Shapiro said. “Apple puts a higher premium on security; Google has been putting an increasingly higher premium on security.”
Of course, all of this gives more visibility into your actions to the browser companies, which already have plenty of access.
Apple is creating its own subscription news service, but that doesn’t address how annoying it can be to read an article you find on social media.
Advertisers aren’t pleased with the situation either
Advertisers don’t like browser privacy updates that cut down on cookie access either, since it prevents them from being able to serve people targeted ads, which is already a difficult and imperfect task.
Dave Pickles, co-founder and CTO of programmatic advertising company The Trade Desk, thinks Apple’s privacy updates have improved neither the user experience nor apps’ privacy protections.
“Privacy violations can happen anyway,” Pickles told Recode at the Collision conference in May.
Pickles says a better solution for keeping people logged in would be one that phone makers could solve using a device ID that could notify websites, apps, and advertisers that you are who you say you are. This solution would also let people opt in and out of data collection on a phone-wide basis, rather than having to change settings for each website.
“We want to be able to do targeting with users’ consent,” he said. “What people really care about is good ad implementation: Not too many ads, not the same ad over and over again. User experience is what everyone cares about.”
This option has a big downside, which might explain why app makers haven’t adopted it. Shapiro said that device IDs can and have been used to track people without permission and have even been used to reveal user identity.
“The financial incentive for bad actors to do shady things is pretty high,” Shapiro said.
What users and publishers can do about it
To get around what is currently a clunky and siloed mobile login experience, users can do a few things to make it more tolerable — though none of these are as seamless as staying logged in.
Get a password manager. You’re still logging in for each separate instance, but it takes a lot less time.
“If all I have to do is punch the button and stare at my phone, it makes [logging in] a lot simpler,” Shapiro said. She added, “I completely understand that’s not ideal for less tech-savvy users.”
The same goes for Google, Facebook, and Apple logins, which let people use previously saved passwords for those accounts to log in to other accounts: It’s still another step.
For their part, some publishers, including Dow Jones, are working directly with some of the apps that most frequently link to their sites, like LinkedIn and Twitter, to try to find ways to keep users logged in.
Publishers have also turned to third parties like Branch, which uses links to pool information from its different clients to create anonymous IDs to inform individual companies of when their users are accessing their site on different browsers or on the app.
“Branch uses its links to help each company understand that this ‘new’ user on their website is actually someone who already has the app installed, or was previously logged in on a different browser, so that they can personalize that web experience or link them directly to the app,” Seghete said.
Shapiro, however, warns against reliance on third parties. “So much is based on trust with these companies people don’t know exist — it seems like a bad way to run things.”
In many ways, however, these efforts can feel like Band-Aids on broken bones. Ultimately, bigger changes would lie with Google and Apple, which have more power over the whole experience.
Recode and Vox have joined forces to uncover and explain how our digital world is changing — and changing us. Subscribe to Recode podcasts to hear Kara Swisher and Peter Kafka lead the tough conversations the technology industry needs today.