Firebaseui-android: Move TOS/PP to Auth Method Picker screen, provide guidance for single-provider flow

Created on 5 Apr 2018 · 8 Comments · Source: firebase/FirebaseUI-Android

This is an extension of #492 based on some internal discussion about the best way to handle this.

Currently we show the TOS/PP in two places:

  • Email sign up screen
  • SMS code prompt screen

Some problems:

  • Before getting to the email sign up screen, you have already entered some personal information (in the check email screen)
  • Sometimes the SMS code prompt screen is skipped when auto-verification works
  • There is no TOS/PP shown for social flows
  • When you enter a single-provider flow, there's no FirebaseUI-owned UI at all

Solutions:

  • Remove TOS/PP from everywhere that it is present
  • Add TOS/PP on the AuthMethodPicker screen, which is shown before any multi-provider flow
  • Add guidance in the README that developers using FirebaseUI for single-provider flows should show a TOS/PP screen in their own UI before launching FirebaseUI as there's no guarantee we will have a chance
auth fix-implemented feature request

All 8 comments

Here are some examples of how other auth UI frameworks do this.

Okta: [image]

Auth0: [image]

Personally I think the Auth0 approach is pretty good.

Update:
In the case of the email/phone flows we will continue to show TOS/PP with the following changes:

  • Move it to the first screen in each flow
  • Only show it in the single-provider case, which means the user will not have seen TOS/PP links in the Auth Method Picker screen

We will still need to provide guidance to developers using email flow because SmartLock could cause the UI to be completely skipped.

Are you aware of the GDPR law requiring explicit consent of the user (e.g. by checking a checkbox)? Just saying "By signing up, you agree" is not legal anymore in any EU country.

More on this law: https://www.eugdpr.org

16 days till GDPR, and apps aren't compliant without this. Can we get an ETA please?

The fix for this has been merged into 4.0.0, now just waiting for translations to come through. Committed to getting this released before the deadline.

@samtstern Does Firebase have any thoughts on the "requiring explicit consent" condition / @morgler's comment, and whether the upcoming v4.0.0 changes are actually compliant?

We believe these changes are compliant.

This has been fixed and released in 4.0.0
