As customers, we have become accustomed to providing very personal details like our email address, phone number, and other pieces of information without questioning why they are needed. As privacy becomes a major topic of discussion in modern technology, product designers need to think about how to embrace the growing trends surrounding personal information and how to tackle the challenges of obfuscating our traditional methods of identification.

At Dropbox, we believe privacy is foundational. Along with a seamless experience, we work hard to design projects that protect customer privacy. We do that by making sure we put the customer first and by building smart solutions to real problems. Recently, while evaluating new sign-up and sign-in flows in our core product, we faced a complex design challenge related to adapting to new features for privacy and maintaining a smooth user experience. Here’s how we approached it:

Adapting to new features

At its Worldwide Developers Conference in June 2019, Apple introduced a new, secure, and quick way to sign in to and sign up for iOS apps. This new feature comes with a specific requirement: Any iOS app that has a third-party sign-in service such as “Sign in with Facebook” or “Sign in with Google” must now include a “Sign in with Apple” button as an option for users. (The button offers to sign up a user if they don’t already have an account.) Since the Dropbox iOS app currently offers third-party sign-in services, we knew we needed to meet Apple’s new standards. If we didn’t comply, we risked having our app removed from the App Store.

A computer, tablet, and phone stacked in a row on a white background. All three devices display a "Sign in with Apple" interface.

Image by Ming Li and Aska Cheung

Apple made it simple for developers to integrate the “Sign in with Apple” feature with their apps, but the scope of the project increased after we further investigated an additional feature that was bundled with “Sign in with Apple.”

The complexity came from the “Hide My Email” feature inherent in “Sign in with Apple.” It allows the user to obscure their personal email address when signing up for an app, using a unique, randomly generated email address created by Apple.

An example of a hidden email created with Apple’s Hide My Email feature: df878udf8+dsfy8@privaterelay.appleid.com

Dropbox is a tool for collaboration, and we often surface our users’ email addresses throughout our products. For example, when users share files or folders with each other, the recipient will receive an email notification from the sender.

After we gained a better understanding of “Hide My Email,” we took a look at the existing user flows within our product and realized that this feature might cause several problems in the core experience. If a sender initially signed up for Dropbox using Apple’s “Hide My Email” feature, their randomly generated email address will be surfaced to a recipient within any notification email. When the recipient sees the sender’s email address, they might perceive the entire email as spam due to the nature of the obscured email address.

Chrome browser displaying Gmail interface. The email shows an example of the "hide my email" feature, which obscures the sender's email with a long string of random numbers and letters.

Image by Ming Li and Aska Cheung

The experience becomes more complex when a user who has hidden their email address is viewing a shared file. From a privacy perspective, this could be concerning to the owner of the file because they can’t recognize who is viewing their document. It could be particularly alarming if the document contains sensitive and private information. The owner might perceive the obscured viewer as a hacker who is trying to steal their valuable information, or as someone they simply didn’t want to share the document with. While this feature provides privacy for one user, it can cause alarm for another. When evaluating these trade-offs, we considered what would make our products and services worthy of trust. Trust is a core tenet of how we work at Dropbox, which made it important to resolve this product problem.

The Dropbox app is used by many of our customers to get work done, stay in sync with their teammates, and back up their most important files—even family photos. It’s important that customers can rely on our app for security, reliability, and privacy. It’s our job to take the pain out of collaboration, content management, and coordination within the online workspace. So when user privacy and compliance with Apple’s guidelines were at stake, we knew we had to solve for both sides of the problem.

What we thought was a simple implementation project turned out to be much more complex before we could achieve a smooth user experience with the product.

Balancing quick wins and long-term vision

In practice, hidden email addresses caused lots of friction in collaboration, customer support, and other critical scenarios throughout the product ecosystem. The issue isn’t necessarily about email addresses; it’s about how users perceive privacy and identity within our products.

With the reframed problem in mind, we explored several high-level strategies to cover both long-term and short-term needs, which we evaluated qualitatively from Dropbox, Apple, and user perspectives.

Four white cards on a grey background illustrating potential strategies for simplifying the "Sign in with Apple" user experience.

Image by Ming Li and Aska Cheung

After taking different factors into careful consideration, we decided that plans 2 and 4 were the best options. We believed that plan 4 would have greater long-term impact, and that changing the identification model would immediately affect the way users work with Dropbox, requiring in-depth design thinking as well as major infrastructure changes. We thought it was all worth it, but we were up against a tight timeline, so we had to act fast.

After scoping the constraints and challenges of this problem space, we decided to keep identification by email address as a short-term solution. To alleviate concerns about hidden email addresses, we now ask users for an alternative email address to guarantee a collaborative and transparent experience with Dropbox. To get this right, we needed to clearly communicate our intention of mitigating user privacy concerns.

Three devices on a grey background. Their screens display an optional user flow that would prompt the user for a "preferred email."

Image by Ming Li and Aska Cheung

Communication is key

In order to ask for an alternative email address, the first interaction in this flow is with the “Share My Email” screen. During initial testing, users found this screen confusing and contradictory if they actually wanted to hide their email address. We didn’t want to push users to share personal information, yet our goal was to encourage a better collaboration process with Dropbox. It was a challenge to clearly communicate our intention in this complex moment.

Four phones on a grey background. Their screens display early iterations of the "preferred email" experience.

Image by Ming Li and Aska Cheung

We conducted many rounds of iteration, research, and testing to ensure that our final design addressed all of the underlying needs and nuances. These include:

  • Users would like to sign up with confidence and the least amount of effort
  • When being asked for their important information, users would like the experience to be transparent, easily scannable, and optional
  • Users would like to understand why they are being asked to do things, the value of completing them, and what to expect next

Extensive iteration like this is worthwhile for complex issues that address user experience and privacy.

Based on insights from users, we’ve made several rounds of revisions and landed on the following design decisions:

One phone on a grey background that displays the interface that we landed on.

Image by Ming Li and Aska Cheung

  • Changed “main email” or “personal email” to “preferred email” to clarify the goal of this page
  • Focused on the benefits of adding a preferred email address and conveyed why it matters
  • Removed the illustration so that users can focus on the message we’re trying to convey
  • Turned the paragraph explaining benefits into bullet points to make it more scannable
  • Rephrased the headline to create a smooth and cohesive experience
  • Made the Skip option more explicit and visible
  • Embraced transparency and sign-up success

Taking a systematic view

After defining the strategy for the hidden email address, we also took a systematic look at the end-to-end user journey to make sure every use case was addressed. Designing sign-in and sign-up flows is contextual to a user’s starting point and has to account for the product information architecture. If there is too much friction, the user can become overloaded and conversion might suffer. This point in the user journey requires the design of a simple solution for a complex set of needs that will have a positive impact on the user experience and the business bottom line. It’s a make-or-break moment between the business and the customer.

After we broke down the problem for both sides of the customer journey, we narrowed in on three key flows regarding “Sign in with Apple”:

  • Sign in, or sign up with Apple and create a Dropbox account
  • Update email preference if hidden email address is in use after account creation
  • Update email preferences for general use cases

We took a systematic approach as we designed the new flow to ensure that all of the problems caused by “Sign in with Apple” were addressed. This helped us clarify our thinking while arriving at specific solutions.

Final results

As we experimented with each iteration of the sign-up flow, we looked closely at how these changes impacted new-user acquisition and our business metrics. Implementing the “Sign up with Apple” button allowed the iOS mobile app to gain a significant number of new sign-ups, which allowed more users to experience Dropbox on a mobile device.

Three phones on a grey background. Their screens display the steps to "Sign in with Apple" that the team finally implemented.

Image by Ming Li and Aska Cheung

Based on our results, we learned that the majority of our users who chose to hide their email address were able to understand the value of sharing a preferred email address with Dropbox. This helps avoid any potential issues related to privacy, which contributes to an overall better collaboration experience.

Lessons learned

As privacy becomes more important to users, we want to be considerate about the information we request. To reduce our reliance on private information, we are thinking deeply about other methods for identifying users.

Above all, this project confirmed our commitment to trust, transparency, and privacy within our products. We learned that they can be achieved by emphasizing why we are asking for a user’s private information and how it is going to benefit them. We found it crucial to convey the rationale behind each interaction. We took the time to prioritize the key experiences that would be improved if users choose to share a preferred email address with us.

Every interaction and product experience must be designed with all of our users’ needs in mind. While a sign-up or sign-in flow may seem simple at a glance, getting the first steps right is critical to building trust with our customers.

We share this as a case study from the product-design perspective, but it was a team effort that made it all happen in such a short time. Shout-outs to Japna Sethi, Sara Wiltberger, Benjamin Kowalski, Xuyan Ke, Vanessa Ung, EJ Reckers, and all other cross-functional partners.

Latest in Product Design