Decipher Tools Blog

News about all things iOS, especially backup, recovery, and forensics. Upcoming features for Decipher TextMessage, Decipher Backup Repair, Decipher VoiceMail, and Decipher Backup Browser.

Breaking it Down: How Twitter Lost 4 Million Users Due to iOS8 (and iPhone 6 Upgrades)

Kelly Wilkerson | | categories: iphone | View Comments

Twitter's company earnings call yesterday has started a storm of news about how Twitter lost users due to the release of iOS8. There are two major components cited for the lost users:

  1. In iOS7, Safari automatically fetched Twitter posts to populate the "Shared Links" section of the page containing Bookmarks, History, Reading Lists, etc.

  2. Many Twitter users forgot their Twitter password, and it wasn't automatically migrated when the user changed iPhones.

When I first started writing this article, I was furious at the idea that Twitter was counting users from the Shared Links section of Safari if it required absolutely-zero user interaction to initiate a feed refresh from Twitter. So, I did what any good crazy-developer does, and I ran a man-in-the-middle attack on my old iPhone 5s running iOS 7.1.3 so I could see when the Twitter feed is actually pulled.

The Twitter feed is fetched only when the iOS user clicks on the Shared Links section of Safari, so honestly, I would take this as honest user intention to view Twitter and other social networks they have setup.

Safari Shared Links section in iOS7 showing my Twitter feed.

How Did iOS8 Cost Twitter These Users?

So then I was curious what changed in iOS8 to mess this up. I opened Safari on my iPhone 6+ and clicked on the Shared links. My Shared Links were empty, but my Twitter account showed listed and enabled (and I failed to take a screenshot!) The Settings app showed my Twitter account listed, but only after I clicked on it, did I learn that my password was missing from my Settings app. Once I entered my Twitter password into Settings again, the Shared Links appear.

I backup and restore my iPhones a lot, and I do a lot of other goofy things to them because I work on corrupt backups and iOS bugs. But I was relatively sure my iPhone 6+ was restored from an encrypted backup, so I'm perplexed at why my password was missing in the Settings. I'm even more perplexed that I had to dig quite a bit to find this out, and in most places iOS showed me that my Twitter setup was fine. So I think there's some legitimate claim here that iOS8 is contributing to a lack of Twitter use from Shared Links nonsense.

Update: The issue I mention directly above is one of the primary issues that Twitter is referring to when saying iOS8 caused them issues. In early iOS8 there was a bug that required users to reauthenticate their Twitter account.

Here is my outline of password migration as it relates to Twitter and iOS versions and device changes:

  • The Twitter password stored in your Settings app for Twitter integration is not stored in the iCloud Keychain.

  • The Twitter password stored in Safari for the Twitter website is stored in the iCloud Keychain if you login and check Twitter through Safari. iCloud Keychain stores your Safari website passwords.

  • Twitter passwords (both Safari and Settings) are stored in your iCloud backup. However the passwords are encrypted with a key for the device that made the backup. If you restore that iCloud backup to a new device, like if you upgraded to an iPhone 6 or your iPhone was replaced, your Twitter password is not restored in the backup.

  • Passwords are only stored in an iTunes backup if the backup is encrypted. Many people don't know this and make the (unencrypted) backup before trading in/wiping/giving away only to find their passwords aren't restored after it's too late. Also, some people newly turning-on backup encryption in iTunes end up corrupting their backup and don't get their passwords migrated despite their efforts to do so.

So there are plenty of paths that lose the Twitter password, like using an iCloud backup to migrate to a new iPhone 6 or iPhone 6+. Also, as I just mentioned above, I migrated my data properly to ensure that I kept my passwords, but the reauthentication bug still got me.

I can definitely see a very casual Twitter user hitting the login screen and deciding they don't care enough to do the password recovery mechanism at the moment, and fading away from Twitter for a while. So there is a legitimate point here about Apple putting a barrier-to-entry on casual Twitter users with it's password migration strategy.