Anonymous Apps - Apps with No Login Required | Stashpad

Creating a good user experience starts from the minute someone downloads or opens your app. And oftentimes, one of the first negative experiences a user encounters is a clunky account creation or login process. This moment of friction can be the difference between successful adoption–or not, so it's important to get it right.

Enter, the concept of anonymous apps. Not to be confused with social media apps where you can login under a pseudonym. Anonymous apps don't require an account to use.

In this post, we'll explore anonymous apps, what they are, the benefits and challenges of building them, and some of our learnings in building elements of anonymous apps into our own app.

What is an anonymous app?

An anonymous app is an app that doesn't require the user to create an account or login to be able to use it. So the user flow would be: open the app, and get to work. If it sounds simple, it's because it is. At least on the user's side, but that's kind of the point.

Anonymous apps are not quite as simple to create and develop, but we'll dive into that a little later.

Benefits of anonymous apps

So why create an anonymous app? In the age of data gluttony, it may seem counterintuitive to let people use your app for free and not provide any data when doing so. Here are the main benefits as we see them:

1. There's no friction for a user to get started using your app, starting your relationship off on the right foot
2. You can get the user to the 'aha' moment faster without administrative-type distractions like verifying an account
3. You can get your app in front of as many people as possible and still collect usage-type data
4. Users only need to provide their email/personal details once they reach value with your app (if you offer non-anonymous options)

Your entire app doesn't need to be anonymous. What typically works well is if you create a "freemium" experience where the free or basic version is anonymous and doesn't require a login. Once the user wants to start upgrading their experience whether that be for additional security options or features that can't be implemented without login, they can then create a login and/or pay.

Challenges of building anonymous apps

Now, I'm sure by this point you have a lot of questions. As anonymous apps do go against some accepted best practices in the industry. There are some challenges to consider when deciding if this approach is right for you:

1. From the perspective of the builder, can you get enough feedback? Your data and ability to contact the user will be limited if they don't provide those details. However, there are ways around this. For example, building in feedback forms and using analytics that aren’t account-specific.
2. Also from the builder perspective, can you make money? It's important to strategically create a pricing model that incentivizes logging in and paying for premium features. At Stashpad, we have certain security measures that are only available to users that log in. We’re genuinely excited to offer a generous free tier because we love what we’re building and want as many people to have access as possible. And a generous free tier is key to Product Led Growth in our eyes.
3. From a user perspective, they may find an anonymous app confusing. They may not understand if they've been logged in automatically or not. The key here is to make it clear in the UI that you are not logged in. Think Anonymous Ardvark user icons or similar.

Security considerations with anonymous apps

Of course with anything related to building an app, there are crucial security considerations to make. To help bring to light these considerations, we'll share our thought process when designing a new anonymous product we're working on at Stashpad.

We're able to offer an app that meets the security needs of most consumers and smaller companies by using nano IDs, which are virtually unguessable by computers. However, there's a limitation in that if anyone gets sent the link by mistake, they would have access. This is acceptable for many use cases, like for example when you use Loom and don't set permissions, but not for cases where an enterprise IP is involved. In those cases, you can't restrict access without requiring proper login.

We considered a few work-arounds to this:

• To offer an anonymous waiting room (similar to a Zoom waiting room, but not logged in, where someone could enter a name and the doc owner could permit them). However, the downfall of this option is that someone could easily claim to be someone else.
• The ability to require a password for anonymous users. This way people can stay anonymous, but use a document-level password to enter the doc. The issue here is that the authorization would be done on the client side, not the server side so it could still be circumvented.

We feel either of the above more 'seemingly secure options' (but really not so much) are actually worse than offering real authentication and/or authorization security additions, because they're deceptive. So in our new product, you have an anonymous nano ID or and options for logged in restricted access. We believe this covers the vast majority of cases.

What do you think of anonymous apps? Is there a strong enough business case to consider this structure in your app?