iOS has gained tremendous features for power users in recent years in the form of Extensions in different parts of the OS amongst other things, but I have a basic frustration with everything that has been added to the OS: Everything is based on the fact that the owner of the application has to opt in. This approach is tackling the problem at the wrong end to me.
This very fact makes things like using 1Password in third party apps a pain in the ass for all the involved parties, which is in some ways understandable but frustrating non the less. Apple had repeated issues with the system falling over due to weird bugs, developers run into issues with maintaining the integration code and users are constantly frustrated that they can’t use their password manager in order to log into that hot new application everyones talking about. Let’s be honest here for a bit, who as a designer/developer wants to see the share sheet pop up in their login view? It’s great and solves a lot of issues at once but it just isn’t purpose built and weird looking.
The main reason for not adding any kind of extensibility to your iOS application though is brand endorsement. This issue applies to big tech companies who are well aware of products like 1Password or LastPass as well as any Bank or other Fortune 500 company whose developers or product managers might not be aware of these products. We are simply the result of our surroundings, and the products we create are heavily influenced by this as well. If these companies were to add support for one of these applications you will heavily anger a subset of your users who aren’t using app A but rather app B. If Facebook added support for 1Password on iOS but leave out LastPass support it would be all over the tech news sites.
The only solution for this is one that Apple provides: behavior templates for system extensions. In the case of a password manager the behavior is pretty simple since the workflow will always look the same no matter which app you use: > 1. open app (potentially new app) you want to log into, > 2. hit button to make your password manager look up your credentials and paste it into the login fields, > 3. hit the login button. > Done.
It could be so simple and apps using properly setup UITextFields would get the behavior on day 1.
Workflows like these exist all over the System (the new Siri integrations behave exactly like that) and I see so much potential to empower users as well as not putting any pressure onto companies to endorse any other product. Apples strength has always been in making very opinionated decisions about the products we buy (the famous Steve Jobs attitude of “If they don’t like it, fuck them. We don’t need any of them”). That is very much a part of the royalty you pay for Apple products, but in recent days Apple has been more open to the idea of picking out certain interactions that are the same across various apps and make them easier to integrate.
“You can have any wallpaper color on your iPhone as long as it’s black” -Steve Jobs.
Apple takes a bold stand in saying there are certain app categories on iOS (and also on macOS, tvOS and watchOS) that all behave in a similar way. We have studied all of their behaviors and came up with a protocol that expresses the one true workflow and defined it in a way that gives the user the best possible experience (and potentially security) in using the host application in a way that feels natural. The developers are able to take decisions on things like UI and the interaction models but security is put into users hands without their knowledge by downloading one of the apps that integrate very well with the system paradigmes. By doing that being a good platform citizen not only gives you bonus points with the nerds but also empowers your users and maybe even get you features in the App Store. Developers would be able to delete code all together from their apps, removing complicated logic and UI for which password manager to pick if multiple are available give users a known and trusted internation with the system when signing into their accounts. Google and other big cloud companies have done this in the same way on the web by building one trusted look for their login mechanisms.