Last night on Twitter, I noted that the company’s iOS app now appends a query parameter based on an app’s bundle identifier when you share a tweet’s link via the system share sheet.
I didn’t know Twitter for iOS appended parameters for app bundle IDs every time you share a tweet’s link with extensions.
— Federico Viticci (@viticci) January 10, 2018
As some have noted, this appears to be a recent change in Twitter for iOS, which is less than ideal as the resulting link contains a long string of URL-encoded garbage. More than ugly URLs, however, what bothered me was Twitter’s implicit tracking of which apps users invoke to share links with – something that even applies to core iOS features such as Apple’s own Messages extension.
I wondered whether Apple should consider this a violation of App Store guidelines, but it appears that Twitter isn’t breaking any rules by appending app-based query parameters to their shareable URLs. Benjamin Mayo looked into this feature and explained how Twitter is leveraging public iOS APIs to read bundle identifiers from the share sheet – he even posted a proof-of-concept code snippet to show how it’d work in practice.
In reality, this is very easily achieved. As part of the activity provider API, the system asks for content to share for each sharing extension the user has installed. The Apple framework openly passes the activity type to the app. Twitter simply takes the base URL it wants to share and appends the ‘garbage’ before returning.
The important thing to note here is that the mechanism is innocuous and uses valid APIs provided by Apple. Twitter is not exploiting private APIs to achieve this. A cursory look at the app review guidelines suggests to me there are no grounds for Apple to scold Twitter (or any other app) for doing it.
My personal stance is that this is annoying but does not violate user privacy. Importantly, Twitter cannot append arbitrary information to its URLs system-wide; it is confined to cases where users share something from inside the Twitter app itself. I don’t really see a justification for Apple to amend the guidelines to disallow it. I just take it as another reason not to use the official Twitter app.
In conclusion, if links to tweets you copied from the Twitter app suddenly look longer and messier than before, this is why. Personally, while Twitter may be taking advantage of a publicly available API, I still think the implementation is, at the very least, in poor taste – especially because it’s coming from the same company that used to scan users’ devices to list installed apps and deliver “tailored content” based on them. Even though I won’t stop using the Twitter app because of this, I wish Twitter would revert to standard, clean URLs when sharing tweets from the app. I also hope Apple is taking a closer look at this.