Spotify Bug Kept Users Logged In to Facebook Even After They Disconnected
Spotify’s music software recently had a bug — since removed — that logged users back in to their Facebook accounts even after they had actively disconnected.
That the bug existed is particularly notable, given that Spotify is one of Facebook’s featured “frictionless” sharing apps and has recently been criticized for mandating that new users provide Facebook credentials, and for spraying into the new Facebook ticker every time a connected user listens to a song.
(Facebook is also separately under fire for tracking users after they log out.)
The Spotify bug affected users who joined the music jukebox service before Facebook’s platform launch on Sept. 22 and then connected to the new Facebook automated sharing tool. If they later tried to opt out of “scrobbling” their music activity to Facebook by disconnecting their Facebook account in the Spotify menu or preferences tab, they may have unknowingly started sharing again the next time they quit and reopened the app.
That’s because the Spotify app disregarded users having disconnected their Facebook accounts, and logged them back in the next time they loaded the app.
What this meant was that users who explicitly said they no longer wanted to share their music listening activity with their Facebook friends may have continued to share songs even after they thought they had stopped.
After I experienced this multiple times, I asked both Facebook and Spotify if users shouldn’t stay disconnected until they opt to reconnect themselves.
Facebook replied that Spotify was doing this wrong, and that it would let its partner know.
Meanwhile, Spotify took longer to get back to me, and eventually replied, “The issue you were experiencing with the disconnect from Facebook feature was a temporary bug, on account of us rolling out new clients with more privacy settings (such as Private Listening), which caused the feature to break. This feature is now fixed, and we apologise for any inconvenience caused.”
Indeed, the next time I quit and restarted Spotify, it automatically loaded up a new version that did not have the bug.
It’s unclear how many users shared music activity to Facebook when they thought they were not sharing. Spotify had introduced “private listening” back on Sept. 29, and fixed the bug after I told them about it on Oct. 7, a Spotify representative confirmed via email.
Spotify has said for a while that it has more than 10 million users. The new Facebook sharing tools, and Spotify’s prominence as part of Facebook’s launch, have helped cause a near doubling of active Facebook users on Spotify, now at 6.6 million from 3.5 million before the f8 conference, according to AppData.
Please see the disclosure about Facebook in my ethics statement.