Almost a year has passed since Twitter instigated its user token scheme to limit Twitter-based, unless authorised by the company to exceed that limit.
A particular type of application, the Twitter client, was singled out by the company for special attention as Twitter moved to exert as much control over its third-party ecosystem as it could get away with.
One Android app, Falcon Pro, has been through more trouble with Twitter and user tokens than most. In February this year, the app's developer Joaquim Vergès pushed the price of Falcon Pro to US$132 in an effort to limit the installation and, therefore, the number of tokens being used by the app.
That wasn't all Vergès had in store; as well as jacking up the price, he reset the app's key and thus gained another 100,000 tokens. He cited piracy as illegitimately eating up many of the precious tokens. It was a feat that Vergès repeated in June as the token limit was hit again.
There was still one trick that the developer had left to play, and this week, he played it.
From now on, Falcon Pro is free to download, install, and use from its website. Existing users are able to log in to the application in a Twitter-approved fashion, but for new users, there is a new, hidden way to log in.
The great insight into this new way of logging into the app is that instead of using the capped Falcon Pro key, it makes the user create their own Twitter API key and use that to interact with the social service.
In essence, Vergès has federated the use of his app in such a way that it makes revoking its keys increasingly harder for Twitter.
A great game of Twitter key Whac-A-Mole is about to begin — and how Twitter responds to this development will be interesting.
It could dedicate resources to individually knock out users' API keys, but the company would need to be absolutely sure that the key is coming from a federated Falcon install, and is not being used by an otherwise legitimate application or service.
Users who possess an Android device, are willing and able to sideload an app, and then understand and create an API key are such a small but vocal minority of the Twitter userbase, why bother chasing them down? Twitter could just let sleeping dogs lie and decide it isn't worth the time and resources to poke a hornet's nest of user outrage, company time, and twisted animal metaphors.
It's a devilishly clever move, and one that takes full advantage of Android's capabilities.
I can't wait to see how Twitter responds in this battle of the birds.