Monday, February 9, 2015 - 00:32

Using phone numbers as your users' GUID ... very bad idea.

It might seem like a natural resource but it really is just a highway into user management hell.

User IDs are always a major pain in the ass. Mostly for the users. You have to pick a stupid username, and more often than not it will be a stupid username because everything else is naturally already taken. It's a bad way of telling your users that they are fucked before they even start using your application.

With many apps having a mobile-first or even mobile-only strategy, simply using the user's phone number seems like a very good idea to prevent this stupid shit. Phone numbers are globally unique. They make perfect UIDs, and you can connect your users automatically with their peers as soon as they sign up ... or so it seems.

While phone numbers are in fact unique resources, they do not represent the user but one of his devices. The one with the phone number. Every other device requires a new user, or cannot use the service at all if it's not equipped with something that provides a phone number.

One bad example that also shows the problem is WhatsApp. Every phone you have is a separate user. So if you have two phones you'll be in everyone's list twice. On top of that, you can only use it on tablets that have a GSM (or similar) module, and naturally you can't use it on the desktop. Well, recently you can, but only if the desktop is linked to a phone which acts as a proxy to WhatsApp. You can also only receive messages on that particular device. So if you're in the service twice you need to keep both phones around unless you want to miss something. It works but is borderline retarded.

Now in the case of WhatsApp one could argue that it searches contacts based on phone numbers. With that in mind it doesn't make much sense if you don't have one. And that may or may not be true for any given service. But if you have one phone number on one device that is sufficient.

If your UUID were something other than your phone number, you could connect any kind of device to that ID. Only one of those devices would need a phone number for the service to work perfectly with all the others, because that phone number could be used to link up contacts. And two phone numbers could be linked to one single contact. That would be a big advantage. Not just for WhatsApp. The bad decision is haunting them for no particular reason other than being a rather shitty idea.

There is an obvious and easy way around it. If your primary way to connect your user base is their phone number, create a hidden UUID that acts as the primary user ID and link up phone numbers as secondary IDs. Not only does this allow you to group several numbers under one account, it also allows you to link in other platforms that do not provide a phone number, and to handle changes in phone numbers gracefully.

If you ever need to expand to other platforms, you'll just have to extend the authentication process to another scheme that's also linked to that account. For example the customer's ID, his email address or a more classic username.
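The layout described above, as an added example that is not code from the original post: a hidden UUID is the primary key, and phone numbers, email addresses or usernames are secondary identifiers that resolve to it. Table, column and function names and the sample values are assumptions made for this illustration.

```python
import sqlite3
import uuid

SCHEMA = """
CREATE TABLE users (
    user_id TEXT PRIMARY KEY              -- hidden UUID, never shown to the user
);
CREATE TABLE identifiers (
    kind    TEXT NOT NULL,                -- 'phone', 'email', 'username', ...
    value   TEXT NOT NULL,
    user_id TEXT NOT NULL REFERENCES users(user_id),
    PRIMARY KEY (kind, value)             -- one identifier maps to one account
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def create_user(db):
    user_id = str(uuid.uuid4())           # generated automatically, never typed in
    db.execute("INSERT INTO users (user_id) VALUES (?)", (user_id,))
    return user_id

def link(db, user_id, kind, value):       # attach a secondary identifier
    db.execute("INSERT INTO identifiers VALUES (?, ?, ?)", (kind, value, user_id))

def replace_identifier(db, user_id, kind, old, new):
    """Handle e.g. a changed phone number: the account id stays the same."""
    cur = db.execute("UPDATE identifiers SET value = ? "
                     "WHERE kind = ? AND value = ? AND user_id = ?",
                     (new, kind, old, user_id))
    return cur.rowcount == 1

def resolve(db, kind, value):
    """Contact lookup: identifier -> account id, or None if unknown."""
    row = db.execute("SELECT user_id FROM identifiers WHERE kind = ? AND value = ?",
                     (kind, value)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = open_db()
    alice = create_user(db)
    link(db, alice, "phone", "+15555550100")      # constructed sample values
    link(db, alice, "email", "alice@example.com")
    replace_identifier(db, alice, "phone", "+15555550100", "+15555550199")
    print(resolve(db, "phone", "+15555550199") == alice)
```

The composite primary key on `identifiers` makes the database reject an attempt to attach an already-linked phone number to a second account, so that case has to be handled explicitly instead of silently merging or overwriting accounts.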

There are many options to choose from for a user's primary ID. His phone number or his email address are generally bad ones. They can change at some time in the future, and most users would not appreciate it if that means they have to create a new account.

When in doubt, always go with a generic solution that assigns unique UIDs automatically. Your users don't need to know about it, and they don't really care in the first place whether they are a phone number or a more generic UUID, as long as the phone number - or whatever is important - works to pick up their peers in the service.
