
App suddenly crashing on startup due to FBSDKRestrictiveDataFilterManager.m - reubensutton
https://github.com/facebook/facebook-ios-sdk/issues/1427
======
beagle3
Waze, a google owned app for the past 4 years, crashes because of the FB app.

WhatsApp, a Facebook owned app, will not give you read access to your own chat
database - it’s encrypted. But they have an arrangement with Google where it’s
will back up unencrypted to your Google account (though, Google won’t let you
retrieve it ... only the WhatsApp app can)

Everything about this duopoly, their cooperation and lack of competition
stinks to high heaven.

~~~
musha68k
Yes, it's definitely time for some slightly enhanced armchair activism!

Convert all active whatsapp contacts to signal? 80%? 50%?

Same for Facebook messenger!

It needs to be _uncomfortable enough_ \- if _they_ want to communicate with
_us_ and are minimally tech savvy ("click link to install app") they _have to
switch to signal_.

That's it.

I'm starting to send out messages over my morning coffee.

Let's do this together:

[https://support.signal.org/hc/en-
us/articles/360007060592-In...](https://support.signal.org/hc/en-
us/articles/360007060592-Invite-friends-to-join-Signal)

~~~
Semaphor
I’d rather keep using messenger than switch to signal. Nothing that requires
my phone number, and even worse, uses it as primary identifier, is something I
want to switch to (and no, obviously I don’t use Whatsapp either). I realize
that in this mobile-centric world that makes me a grumpy old man, but for me,
my E-Mail is the important ID.

~~~
bluejekyll
I’m curious why you see a difference between the two? Phone companies have
been giving away your phone number for years, it gets more spam then my email
address at this point, which has made me disable it for all incoming calls
except those in my contacts.

At this point, none of us even use phones, my family pretty much use Zoom and
at work everything is Google Meet, my phone function is basically a dead
function at this point.

~~~
MrDOS
I don't truly own my phone number. I barely control it. I can move it from
provider to provider, kind of, but it's still not _my_ number – the number is
a side effect of having cell service. In particular, if I move to a new
country, what happens to my phone number? (Having recently done so, I still
don't know: for now, I'm paying two cellphone bills, but that's obviously not
a long-term solution, and I don't know what is. Port it to Twilio, I guess.)

You can make the argument that I don't truly “owns” the domain name off of
which my e-mail address hangs, either, but it's a much better situation than
phone number ownership. There, at least, the constraints of ownership (rental)
are clearly defined, as is my ability to move it between registrars.

~~~
Semaphor
Yeah, that's pretty much my thinking. Phone numbers are extremely brittle. And
I didn't even think of changing countries, which might be in my future.

------
lathiat
That’s twice in as many months. They may need some better QA here although to
be fair it does seem mostly people with an older SDK version based on the
comments. But still. I guess they need to cotton onto whatever server side
change happened and roll it back.

At least this time you can disable the SDK (at least one app developer has a
kill switch for the SDK) unlike the last issue that happened during code
initialisation you couldn’t skip.

~~~
notacoward
> They may need some better QA

There's no such thing as QA at Facebook. Really. Developers are supposedly
responsible for _all_ testing of their own code, but all of the pressure is to
"move fast" so that goes about as well as you'd expect.

~~~
markmark
Looks like it's going pretty well, Facebook is currently worth 700 billion
dollars. Or is that not what you meant?

~~~
kevingadd
Close a great venture capital round, suddenly you've got a big pile of money
in the bank and your company's valuation is really high. That means you're
successful!

Make a lot of money selling lifetime subscriptions, then have nowhere to go
for cash next year: look at all that money! I'm very successful now!

If all you're measuring and optimizing for is "valuation" or "revenue" you're
not automatically going to get a good product or happy customers...

------
yreg
Workaround for users: Enable airplane mode and disable WiFi, or block facebook
domains

Workaround for developers: Go to Facebook Developer page > Analytics and
disable automatic Events.[0] Apparently this doesn't solve the issue for
everyone.

Issue in Facebook's tracker:
[https://developers.facebook.com/status/issues/17391881029111...](https://developers.facebook.com/status/issues/1739188102911114/)

[0] [https://github.com/facebook/facebook-ios-
sdk/issues/1427#iss...](https://github.com/facebook/facebook-ios-
sdk/issues/1427#issuecomment-656635461)

~~~
dividedbyzero
Do you know which domains one would need to block?

~~~
yreg

        facebook.com
        fbcdn.com
        fbcdn.net
        fbsbx.com
        fb.com
        instagram.com
    

WhatsApp can work without these, but maybe a smaller subset would suffice.
NextDNS[0] for iOS can be used for the blocking.

[0] [https://nextdns.io/](https://nextdns.io/)

~~~
funmi
Excellent, I was looking for this, thank you! Spotify launched on my iPhone
immediately after I added these domains to my NextDNS denylist.

------
adamparsons
My personal anecdote: I’m parked over on the side of the road because my
carplay habits of Spotify and Waze both kept crashing to the dashboard.

I couldn’t help but notice neither app worked even after a reboot, yet google
maps did. I was thinking there was a carplay bug and then thought: “oh boy
here we go, what are the odds, let’s check hackernews” and bam, of course it’s
the Facebook sdk again

I’m thankful that googles iOS-chrome and google maps doesn’t use the Facebook
sdk for something...

------
Austin_Conlon
They never responded to my request for a postmortem on the previous blunder:
[https://github.com/facebook/facebook-ios-
sdk/issues/1385](https://github.com/facebook/facebook-ios-sdk/issues/1385).

~~~
booleanbetrayal
Maybe if Facebook were actually required to provide post-mortems, the
developers would be more cautious about creating these outages in the first
place. One thing's for certain, the silence is infuriating.

~~~
delecti
Being "required" to provide post-mortems doesn't always mean they will
actually do it.

------
bschwindHN
Stop using facebook's garbage!

Or if you must, use their oauth flow and API but _don't_ include code of
theirs you don't control directly in your binary. It's just asking for
trouble.

[https://news.ycombinator.com/item?id=23099788](https://news.ycombinator.com/item?id=23099788)

~~~
scottmf
And then FB will ban your app.

~~~
swagonomixxx
Ban it from where? Using their API?

~~~
zedpm
Yes, Facebook requires that any mobile app using Facebook login do so via
their SDK. Presumably they will disable your Facebook app (breaking login) if
you don’t comply.

~~~
tdrp
They told us that explicitly. We had been using the URL-based login on the app
(i.e. open a browser with the URL and use the redirect to continue logging
in), for almost two years. Then about a year ago, they e-mailed us just before
a holiday and told us we had less than a week to move all of our apps to SDK
otherwise they'd just disable us. Their argument was that "it's not providing
the best possible experience to our users". There hadn't been a single
complaint about it though.

We had nearly 100,000 users logged into our app via Facebook login so we were
basically strongarmed into complying. We somehow pulled it off before the
deadline for both Android and iOS but felt really dirty afterwards.

------
andersco
How is it that a third party SDK is consistently causing apps to completely
crash rather than, for example, displaying an error message? Is this a failure
that cannot be caught? Sorry, just trying to understand. The dependency
relationship just seems to be extreme.

~~~
speedyapoc
My guess in this particular instance is that it seems like the Facebook SDK is
fetching some sort of remote serialized configuration, calling “count” on what
it expects to be an array, and instead is calling it on NSNull (an object
representing “null”) which is throwing an exception.

There are some intricacies on iOS surrounding null values and serialization,
and as a developer it is important to understand that you may encounter
NSNull. As a standard practice in my company, we type check every remote value
before calling anything on it. Seems like that would have prevented this
issue.

~~~
AndrewZM
This is exactly what happens. Basically a null value is converted into an
NSNull object and calling count on it will of course throw an exception...
because there is no count method in that class...

It makes me wonder what all those engineers at FB are actually doing... ?
Every time I tried to integrate or look into the FB SDK for simple
functionality it was a total clusterfuck.

~~~
x86_64Ubuntu
That's amateur hour stuff. Every developer in pretty much every language or
platform learns VERY quickly what happens when you don't do a null check.

~~~
blago
NSNull is not the null you think

~~~
x86_64Ubuntu
It may not be a conventional null, but I'm not aware of any tech where calling
"count" on a Null, .nil? or otherwise null-like construct won't end horribly.

~~~
plorkyeran
The Facebook SDK is written in obj-c, where calling `count` on `nil` is
perfectly valid and returns 0. It only doesn't work on NSNull, which is a
weird different thing that does not work like the language's built-in null.

------
krtkush
Given how protective Apple is about the experience of apps on the App Store
and this happening the second time, I'm surprised they have not come up with a
way to prevent this from happening. Also, a monolithic SDK should not exist in
this day and age.

~~~
tannhaeuser
Indeed, and if the FB SDK (as used by the Spotify app among others) does in
fact call home, it might violate Apple's TOS and give rise to rejecting those
apps on the App Store. I'm not up to date with Apple's policies, but wasn't
Apple specifically rejecting apps that seek to establish a platform within
Apple's platform? Now if Apple are going to play hardball on this one is
another question alltogether.

~~~
delfinom
It's a money game and Apple could totally crack down it, but they won't. They
may long term but they take cowardly slow steps like everyone else does.

~~~
scarface74
So exactly how much money does Apple make from free apps?

If Apple wanted to make money , it should make it harder for advertising
supported apps to make money and force apps to either not exist or get people
to pay for them.

I would be okay with that.

~~~
tannhaeuser
I guess Apple will have to weigh whether they'll want to tolerate the Fb app
on iOS, but more probably they have a deal with Fb (else they would've kicked
them out already). Considering Fb is said to be the main portal for "the web"
as a Fb user might see it (which I find still very hard to believe for a
number of reasons), if the Fb app (or worse, WhatsApp) isn't on iOS, with
Safari and FF already blocking most tracking on facebook.com, Fb might block
Apple devices altogether, and Apple _might_ or might not stand to loose in
device sales, depending on the intersection of Apple's with Fb's target
demographic. If it were only for Spotify (which is a direct competitor to
Apple Music), they'll have to weigh whether them kicking Spotify out will be
seen as anti-competitive vs having a good excuse for eliminating a competitor
on their own platform. But maybe my speculations are way off, and Apple will
just tell Fb to fix their shit.

~~~
scarface74
I would think that Spotify would want to remove the SDK. It doesn’t need the
marketing tie ins anymore and it doesn’t use FB for advertising.

------
emerongi
The most popular apps on one of the most popular operating systems just
plainly don't even open.

What has this industry become? How are we so goddamn inept at writing
software? This is an industry where we can automate testing - not many other
industries have this capability - and we still don't have a simple test regime
of "check if the app opens" for any of those apps. Somehow, at the most
valuable software companies of the world, nobody has set up a system that
makes sure that you can't introduce a change that renders these apps unusable?

WHAT THE FUCK.

I have always been afraid of software engineering becoming a trade similar to
medicine or law or (regular) engineering where significant barriers will be
put up before you can enter the industry, but this sort of shit makes me feel
like it could be for the better. I will have to go and get a degree, but
that's the price I have to pay I guess.

~~~
yreg
The apps are broken serverside by Facebook. No amount of testing (automated or
not) on the side of the app developers would have prevented this.

Facebook's own apps did not break since they are on the latest version of
FBSDK.

What Facebook needs to do is to test whether their changes don't break other
people's apps.

~~~
linux2647
I disagree. While, yes, Facebook needs to test their SDK, app developers need
to build resiliency into their apps to ensure third party dependencies don’t
break their app. The developer adopted it into their app; it’s their
responsibility to do the proper checks in cases like these where Facebook
broke things on their end.

~~~
monocularvision
This is a native SDK that is crashing the process. There is nothing an app
developer can responsibly do to prevent or recover from this crash.

Other than remove the SDK, of course.

~~~
XCSme
So there is no way to try {} catch {} it, right?

~~~
saagarjha
Yes, but 1. it’s hard to inject that as the crash happens very early at launch
and 2. Objective-C exceptions of this type are not intended to be caught.

~~~
robterrell
That's not strictly true, and anyway it's different for the app developer
versus a library provider. If you're making a 3rd party SDK that can throw,
you need to make it can catch those throws.

~~~
saagarjha
NSInvalidArgumentException is not intended to be caught. You can, of course,
but receiving one indicates a serious run-time error.

------
speedyapoc
Issue seems to be resolved, but the the comment on their bug tracker is almost
infuriating.

“ Earlier today, a code change triggered crashes for some iOS apps using the
Facebook SDK. We identified the issue quickly and resolved it. We apologize
for any inconvenience.” (1)

At the scale of Spotify and other massive blue chip apps, this bug could have
very well cost companies hundreds of thousands to millions of dollars in
damages. This apology on the bug tracker seems so insincere. With this type of
issue occurring twice in a couple months, I’ll be ensuring that no clients of
mine ever install or rely on Facebook services within their mobile apps.
Facebook has a responsibility to developers to ensure that their SDKs and
integrated components are stable, and they have failed.

[1]
[https://developers.facebook.com/status/issues/17391881029111...](https://developers.facebook.com/status/issues/1739188102911114/)

~~~
sigwinch28
Assuming that developers of these apps get the same license we plebs get (i.e.
NO WARRANTY), then I see very little recourse.

Facebook are big enough to blow this off, and they know it. At least... they
hope so.

------
michelb
Move fast and break other people's things.

------
pi-err
I use a non-Facebook login on Spotify and the app crashes right there.

How is this even possible, even less acceptable from Spotify point of view?

~~~
KuiN
It's not acceptable.

None of the apps broken on my phone require Facebook features for core
functionality. Downtime happens, but downtime due to your non-essential &
user-hostile ads/tracking/social SDK? These companies deserve every single
cent of lost revenue.

~~~
lukeramsden
If the last time this happens is anything to go by, a lot of apps have the
FBSDK to facilitate their "Log In with Facebook" functionality. The issue is
that you have to include a monolithic SDK that initialises itself without your
control just for simple functionality like that.

IMO, blame Facebook.

~~~
swagonomixxx
Blame both of them. I'm done with Spotify after this. I'm heading over to
Apple Music.

It's a total joke that an app would crash on startup because of this idiocy.

------
marinosbern
While Spotify crashing on launch may be a nuisance, this also affects life-
critical apps crashing on launch. Our forensic analysis [1] found that half of
the top 21 iOS safety apps send data to Facebook, and last time this happened
back in May we spot-checked some of these safety apps and they were all
crashing on launch. The SDK is typically included for ad attribution/tracking,
not Facebook login, so it wouldn’t even be visible to the end user, and
there’s no way to disable it.

[1] [https://parachute.live/blog/forensic-investigation-the-
shock...](https://parachute.live/blog/forensic-investigation-the-shocking-
state-of-privacy-in-safety-apps)

~~~
letitbeirie
I've installed dozens of life-safety-critical services and none of them had
ads or the Facebook SDK for very good reasons. AMA.

~~~
marinosbern
> _I 've installed dozens of life-safety-critical services and none of them
> had ads or the Facebook SDK_

Can you give a few examples?

> _none of them had ads_

The comment was about the Facebook SDK being used for ad _attribution_ , not
that the apps themselves have ads.

------
jgeada
Can confirm that blocking Facebook on my iPhone makes these crashes go away.
All in all I might leave that block up permanently as nothing going to those
addresses does me any good

~~~
afroisalreadyin
How do you do that? At OS level with a setting? Networking changes?

~~~
jgeada
I use an app called AdBlock [https://apps.apple.com/app/apple-
store/id691121579?pt=425087...](https://apps.apple.com/app/apple-
store/id691121579?pt=425087&ct=in-app-share&mt=8)

It creates a local VPN that sets up a local filtering DNS. I just added the
following domains to the block list:

    
    
       facebook.com
        fbcdn.com
        fbcdn.net
        fbsbx.com
        fb.com

~~~
riyadparvez
That's very interesting. Does Android have anything similar?

~~~
cpv
NetGuard. Creates a local VPN through which the internet is routed. Shows the
domains each app is accessing, can be blocked per app, or forbid internet at
system level (breaks things, require fine tuning).

Also you can configure a non standard DNS (like adguard, which can block some
things at the DNS level).

EDIT: or NextDNS, since it comes with some additional features.

~~~
propogandist
+1 Netguard. It's an essential app, along with Firefox with ad-blocking add-
ons.

Netguard by the same dev behind Xpirvacy, which provides dummy data to apps
that try to send back all sorts of unique identifiers to the mothership (+apps
like facebook).

Most popular apps call facebook IPs at launch, along with other analytics
services. It's quite disgusting.

[https://github.com/M66B/NetGuard](https://github.com/M66B/NetGuard)

------
scottmf
Seems to me like Apple needs to intervene here.

Even ignoring the privacy concerns, this is unjustifiable.

~~~
s_dev
Current position of Apple is if you're going to include the FBSDK Sign-In you
have to include the Apple Sign-In button too. Removing FBSDK is also
acceptable to Apple.

So Apple have put out an incentive to their third party Devs while still
giving some freedom.

~~~
scottmf
Apple needs to promote a simple solution to switch your Spotify/whatever
account from FB login to the privacy-focused Apple login.

Obviously it would require app developers to implement, but Apple has a lot of
power here.

~~~
philo23
This is sort of already a feature coming to iOS 14, though it's really for
switching an existing account to an Apple ID login, there's nothing
technically stopping a developer from using it to switch a user from FB login
connected account too.

~~~
scottmf
Oh that’s great, thank you. Hopefully Apple will take it a step further
somehow.

------
numpad0
For end users who need affected apps right now:

1) Download NextDNS from App Store

2) Open app. Hit (...)

3) Enable Custom Configuration, Config ID 22776a

It’ll DNS block some ads and Facebook domains. Turn off after you’re done.
Also assume any DNS server offered by random dude as poisoned.

Edit: Issue resolved! People, turn it off or switch to your own configuration.

------
jeremiahlee
[https://news.ycombinator.com/item?id=23790089](https://news.ycombinator.com/item?id=23790089)

------
zuppy
I've been fighting with this for an hour. what the heck Facebook guys, you
have a responsibility to not break the apps that use your SDK... You can move
fast and break you own things.

------
radisb
Not to sound as old or anachronistic but I kind of watch this stuff happening
and wonder when all those useless bubbly conveniences are going to burst.
Never had any account on facebook, twitter, instagram, viber, whatsapp etc.
Last similar stuff i used was IRC and ICQ. Some Messenger and skype but i
abandoned those long ago. Now I only use discord when I am gaming or wanna
talk to a friend and I am sitting in my desk.

Mobile phones were a big step forward from plain old landline ones. But in
terms of ease of communication this change was the last one with non-
deminishing returns. Maybe smart phones also just for browsing HN when I wait
in a queue or in the bus etc.

All those social networking and communication apps? Fcuk them.

I can perfectly communicate by calling or texting or video calling someone.
What exactly is the added value of those apps?

~~~
valuearb
If you are Spotify, it provided a seamless experience for millions of people
to sign up for their service. Now they have a lockin problem, and need to
figure out how to migrate those accounts to another authentication service.

And for Communication, you never use Slack? It's useful to segment your
communications by type, I don't want to give random Tinder ladies my home
phone number.

~~~
radisb
I don’t use tinder. I don’t use slack

------
rimliu
I cannot take anything Facebook does (at least on iOS) seriously since the day
they were bragging (with straight faces) about having so many classes that
Xcode could not cope with them. And IIRC, lots of them were auto-generated and
never pruned.

------
phlhar
Wow first I thought it was the same thread from a few weeks ago. But that this
is happening again is crazy!

------
0xy
It's fantastic news in that it forces the companies who will undoubtedly lose
millions of dollars in revenue from this to evaluate their inclusion of the
tracking spyware in their apps.

~~~
zuppy
that's not the only purpose of the SDK, we're using it for social login (login
with Facebook).

~~~
Nextgrid
You can implement OAuth entirely server-side without any client support beyond
displaying a web view. No need to include spyware and the approach is reusable
for any OAuth provider.

~~~
akmarinov
You can’t, it’s against their policy, if they catch you they’ll revoke your
access.

developers.facebook.com/policy/ 8.2 (which states “Native IOS and Android apps
that implement Facebook Login must use our official SDKs for login.” This has
a help icon next to it that opens a dialog on their site that shows a couple
pictures and then explains “Android apps should use the default login behavior
defined by the SDK, which may use the web-view Login dialog. On iOS, only
kiosk apps may use a web-view Login dialog.”

~~~
zentiggr
So do what the GP was hinting at and drop support for Facebook login, drop the
SDK, wash your hands and sleep better as well.

~~~
zuppy
this is not how real life works, you don’t get to choose all the features and
you can’t quit jobs every time you’re asked to integrate a sdk. also, you are
suggesting that it is a good option to drop support for all the customer
accounts that have used fb login, this is silly.

sometimes i wonder if you people lost all the connections with the reality...
or if you were ever employed.

~~~
zentiggr
I've been everything from making more money than I needed to homeless and
borrowing couches and front porches in winter.

I've also refused to include Facebook in my life even though the majority of
my extended family practically live there and rarely communicate outside of FB
posts. My wife and I just get text messages on the rare occasions instead.

Yes, been employed and unemployed. And I'm under no illusions that FB login
support will get dropped anytime soon. I can still lobby for the desirable
alternative.

------
occamschainsaw
I installed iOS 14 beta today and got mad at Apple because I thought the
update broke so many apps on my phone. Turns out it was FB sdk coincidentally.
One more reason to be mad at FB.

~~~
sigwinch28
Same thing happened here. Spotify wouldn't open and I thought "oh no, I need
to downgrade to listen to music via Spotify."

Someone recommended airplane mode and lo and behold the app started working.
This is Facebook's fault, but also Spotify's.

How such an established platform with supposedly-established engineers can let
a third party library crash their app at startup is genuinely embarrassing.

------
baxtr
I recently learned that you need the FB SDK in your iOS app if you want to
promote it on FB or Insta. So I guess most apps doing social marketing have
the SDK.

~~~
chancemehmu
This is not true.

~~~
potench
Are you sure? Seem to recall needing FB SDK to manage marketing pixels that
provide detail on marketing campaign analytics. If you’re spending money on
those platforms to drive traffic you’re going to want to optimize your spend
and see performance. To do that I believe you need the FB sdk - are you saying
there’s an alternative or are you saying “just don’t optimize performance”.

~~~
Nextgrid
Can't you optimize ad performance by generating unique URLs for each campaign
and then counting the number of clicks/installs per campaign on your own
infrastructure?

~~~
Schiendelman
“Can” is true but not the question at hand!

If Facebook, which charges money for advertising, let go of controlling that
tracking relationship, they’d lose a lot of money. So they won’t.

~~~
Nextgrid
Doesn't Facebook charge you for clicks regardless? Given the SDK is open-
source and is embedded in an app controlled by the developer, there's nothing
preventing them from modifying the SDK to report false clicks if Facebook
actually relied on the SDK to report ad metrics for billing purposes.

------
docdeek
I don’t use Facebook or Spotify but it seems the people who coded the NYT
Crossword app do - crashing for the last hour or more. Frustrating...

------
ChrisMarshallNY
<facepalm count="2" />

Not again...

~~~
bootloop
First I thought this is a repost...

------
johnvega
Seems like FB way of forcing devs to use the latest SDK, unless FB shares
technical details on what happened.

This is what FB for dev says:

"To make your app compatible with the latest iOS, be sure to use the latest
Facebook SDKs for iOS."

[https://developers.facebook.com/docs/ios](https://developers.facebook.com/docs/ios)

------
jasonlingx
> FB, Have you consider adding Continuous Integration and Functional Tests
> questions to your Interview's questionnaire?

:)

------
AlexandrB
What iOS desperately needs is a client side firewall like little snitch. It
would be an easy workaround for this nonsense - with additional privacy
benefits. Plus, if every time Facebook fucked up a portion of users started
blocking facebook URLs they might QA a little bit more thoroughly.

------
polack
Feels fair that it's happening to companies that hand over our data to third
parties.

Anything that can open the general public's eyes to how much data is leaked
through these kind of practices is a good thing. Hope it amounts to some non-
negligible loss for Facebook, Spotify and the others.

------
peteretep
I fucking hate that Spotify uses this.

~~~
Schiendelman
Use Apple Music!

~~~
pferde
Or just keep your music collection local and laugh in disbelief at these Black
Mirror-esque problems.

The simple act of listening to music should not require a vast server
infrastructure at the other end of the world, under control of a third party,
and a working global communications network. The fact that people got used to
this kind of nonsense is very, very scary to me.

~~~
duval
What is so scary about there being a market for a flat fee service allowing
you to listen to any song you want, any time you want?

The act of listening to music doesnt require a vast server infrastructure.
Thats why people could still listen to music they had stored offline during
the outage.

------
jeremiahlee
It's also crashing Deezer, but sadly few care.

~~~
afkqs
I do :) I'm not sure if this is a workaround or it got fixed already but I
managed to avoid the crash by quickly tapping on another tab on startup

------
alexhwoods
Move fast and break things guys

~~~
SwiftyBug
Break other people's things it seems.

~~~
radisb
And that's exactly the problem. We give them our things

------
Karupan
How is Apple not addressing this? This seems like a pretty glaring hole in
their tightly controlled environment. If the SDK is injecting code, shouldn’t
that be an explicit permission?

~~~
kerbs
I mean what would they do?

~~~
scottmf
Heavy restrictions on how apps use third party SDKs for signing in, forcing FB
to change its policy of requiring the SDK for native apps which use FB to sign
in.

And then reject new app updates which don’t follow the new rules.

Or just outright ban this spyware.

~~~
scarface74
Yes because government officials know enough about technology to pass those
types of laws.

~~~
scottmf
I’m talking about Apple.

------
layoutIfNeeded
Apple should ban these SDKs, period. If a third-party entity fucking up their
backend can bring down the whole ecosystem then they've lost control over iOS.

------
Hamuko
I actually went to the post office today (couple of hours ago) and tried to
use the national postal carrier's app to get my pickup code. The application
just kept crashing. I showed it to the man at the counter and he said that
others had had the same issue, although he didn't specify if it was earlier
the same day or way back. I wonder if it was the same issue.

------
tqkxzugoaupvwqr
I like how “Move fast and break things” still seems to be the mantra at
Facebook, undeterred from any breakage in the past.

------
rock_artist
Argh. Waze, Viber, Gett. It started yesterday on my wife’s phone and today I
see it across more devices.

~~~
Nextgrid
It would be nice to have a complete list of apps that include this spyware so
we can avoid them.

~~~
yreg
Or you can block the DNS to be sure.

    
    
        facebook.com
        fbcdn.com
        fbcdn.net
        fbsbx.com
        fb.com
        instagram.com

~~~
Nextgrid
I already do that, but it's good to still know which companies intentionally
distribute malware so you can avoid giving money to them.

------
gherkinnn
Ah, explains Strava crashing.

Mild inconvenience for now, hopefully this will have more people move away
from the FB SDK.

------
connorlwilkes
The same kind of thing happened today with Spotify's application on iOS and
this also happened about a month ago too. I am surprised that regression
testing tools aren't picking up these issues before they push these updates
out to user's devices

------
salzig
haha, my girlfriend just wrote me that her spotify stoped working on her
mobile.

Thanks, send her the github issue.

------
barryrandall
I'm looking forward to these future HN posts: "Increase iOS app reliability
with this simple trick", "How I Increased retention 10x by canceling
Facebook", and "Most popular app in world yanked for privacy violations"

------
neop1x
Of course FB SDK could work only _after_ a user requests its functionality by
tapping or logging in. But no... they need to harvest analytics and track
users as they do ad-business primarily... :(

------
Google234
This seems insane to me. Who rolled out this change? Why can’t they just roll
it back

------
drcongo
None of the apps on my phone are crashing because of this. I also don't have a
Facebook account, nor do I have the Facebook app installed. So it looks like
there's an easy fix, delete your account, delete Facebook.

~~~
didntlogin
The issue got resolved 5 minutes ago.

~~~
drcongo
And everything was already working for me fine before that. Admittedly I do
also have every Facebook domain blocked through NextDNS.

------
lucasar
It is evident that Facebook does not QA the way they should. It would be nice
if Apple added mechanisms that allow a dependency in an app to crash but allow
the host app to continue to run regardless.

------
G4BB3R
Would a type safe language solve this kind of crash? What caused it?

~~~
akmarinov
Seems like they’re no longer returning a string that older sdks expect and
they haven’t handled the case properly back then.

The crash is:

Crash information

-[NSNull count]: unrecognized selector sent to instance 0x1cd6fe1e0 2020-07-10 17:24:26.052924+0800 OSDemo[4198:604792] __* Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[NSNull count]: unrecognized selector sent to instance 0x1cd6fe1e0'

------
jmspring
The removal of FB and Google from my digital life are my goals for the next
year/. Where I need FB (groups) it’ll be a fake account through a vpn/etc

------
cpv
Is this a Deja Vu
[https://news.ycombinator.com/item?id=23097459](https://news.ycombinator.com/item?id=23097459)
?

------
Jakob
You can disable the Facebook SDK phoning home:
[https://developers.facebook.com/docs/app-events/gdpr-
complia...](https://developers.facebook.com/docs/app-events/gdpr-compliance)

Any idea why seemingly no one of the big apps does this?

------
cryptozeus
I have switched to FB web version and uninstalled the app, this has worked
very well for me. Its less engaging and I get to keep in touch with my family.

------
dathinab
That is now the how manyth time this happened?

Like wtf. they have so many resources how is it possible that even with that
they can't make their sdk error resilient.

------
iamspoilt
Oh is this why I couldn't play anything on Spotify during my morning run as it
kept crashing! Had to play Apple Music's Beats 1 radio instead.

------
subhajeet2107
This is also crashing PUBG Mobile and a lot of gamers are angry as a big
tournament (PMWL) is going to start soon, Facebook needs a better QA process

------
have_faith
I was wondering why spotify wouldn't open earlier today. Updating it didn't
help. And then later on it randomly started working again.

------
rvz
The risk of crashes increase the more third-party SDKs you include. Especially
if they use an external service or API which is the case here.

~~~
layoutIfNeeded
* Especially if the 3rd party SDK contacts the external service on launch without any user interaction.

------
hnick
I greatly appreciate the candid snark in the bug report. Sometimes there's
just not much more to say.

------
justinclift
Wonder if it was due to an expired or revoked certificate?

Maybe the mass revocation of EV certs happening ~today is the trigger?

~~~
bolmaster2
Who is revoking EV certs today?

~~~
justinclift
[https://www.theregister.com/2020/07/10/digicert_pulls_certs/](https://www.theregister.com/2020/07/10/digicert_pulls_certs/)

------
lyjackal
Top Google trending search suggestion on my phone right now: "iphone spotify
app keeps crashing"

------
zacwest
Apple's refusal to support XPC and the ability for apps to launch secondary
processes is the real underlying issue here. Being able to separate out
execution and process permissions from the main app solves a ton of third-
party SDK issues as well as just normal "why is my app crashing because of
decoding?"-style issues.

~~~
Spooky23
Sure, I really want multiple crashing Facebook spy processes crashing on my
phone continuously.

------
nradov
Apparently the Strava app is also impacted, and probably others as well.

------
sphix0r
Insane. Good to know what made my Spotify app crash upon startup though.

------
Tepix
The DJI Fly app is also affected. Workaround: Start it in flight mode.

------
bloemy
Seems like it's been fixed just now. All apps are working again.

~~~
Reason077
Yes, Spotify appears to have been hotfixed at least. Was 100% crashing for me
earlier this morning. Working fine now.

------
bloemy
Seems like it's just been fixed again. All apps are working.

------
bernardlunn
Memo to dev team - pay attention to tech stack risk

------
sjg007
I've noticed FB crashing as well.

------
heavenlyblue
Spotify is the same for me today

------
pluc
Couldn't Find Advertisers

------
beshrkayali
How/why does Spotify app use Facebook iOS SDK?

~~~
johannes1234321
You can login to Spotify via Facebook as you can see in the web version:
[https://accounts.spotify.com/en/login/](https://accounts.spotify.com/en/login/)
For doing that in a app they require the SDK, which then does all the spying
for Facebook.

~~~
dictum
Why is the Facebook integration not lazy-loaded only for users who log in
through an FB account?

~~~
johannes1234321
Because FB doesn't support that. Either you build it in and it runs some code
when your app starts or you can't use it.

I would vote for "not use it" but others want Facebook integration supported
and happily share information on all their users to Facebook ...

P.S. I believe part of this is also Apple, who don't like runtime loading of
code, as that makes their verification harder, but I'm no iOS dev or user.

