Onboarding is one of the highest-leverage UI flows. Every percentage point of drop-off is real users who never become customers. Mobile onboarding combines several concerns: permission prompts, sign-up vs login, tutorial vs not, analytics for funnel analysis. The interview tests whether you understand these tradeoffs.
Functional requirements
- Welcome screen explaining the value
- Sign up or sign in (email, social, passkey)
- Permission requests (notifications, location, camera) at the right moments
- Tutorial / feature highlights
- Analytics tracking each step
The “permissions at the right time” principle
Bad onboarding asks for every permission upfront. Users get permission fatigue and decline.
Good onboarding asks each permission when it is actually needed:
- Push: ask after the user has experienced value, with explicit explanation
- Location: ask the moment a feature requires it
- Camera: ask when the user taps the camera button
Sign-up vs sign-in flow
Best practices:
- Default to “Sign up” but keep “Sign in” clearly visible for returning users
- Detect existing accounts at email entry time and redirect to sign-in
- Support passkey-first auth where possible
- Social login (Apple, Google) reduces friction; offer alongside email
The “skip” button question
Should users be able to skip the onboarding tutorial?
- For products with a strong value proposition: no tutorial needed
- For products with non-obvious mechanics: tutorial yes, skip yes
- Offer “show me later” rather than “skip forever”
Analytics
Track every step:
- Welcome screen viewed
- Sign up tapped
- Email entered
- Email verified
- Permission prompts shown / granted / denied
- Feature tutorial steps
- First action (the “aha moment”)
Define the funnel before measuring. Otherwise the data is noise.
The “aha moment”
The single action that converts a curious downloader into an engaged user. For Spotify: pressing play on the first song. For Slack: sending the first message. For Uber: completing the first ride.
Onboarding should drive users to this moment as fast as possible. Every step before is potential friction.
Architecture
Three components:
- Onboarding state machine: tracks where the user is in the flow
- Auth client: communicates with backend
- Analytics: events flushed to backend
Backend coordination
Onboarding involves multiple round trips:
- Email signup → verification email sent → user clicks link → app re-opens via deep link
- Social login → OAuth handshake with provider → token exchange with your backend
- Passkey enrollment → WebAuthn ceremony → server stores credential
Each step has failure modes (network drop, email delayed, OAuth provider down). Handle each gracefully.
The first-run experience
After auth, the user enters the app. First-run UX should:
- Show recent activity / personalized content if possible
- Provide a clear next action
- Avoid overwhelming with feature highlights — discover-by-using is often better than tutorials
Frequently Asked Questions
Should I require account creation upfront?
Sometimes. For products needing personalization or sync: yes. For evaluative products: let users explore first, then prompt them to create an account when they want to save state.
How do I handle a user who declines all permissions?
Provide a degraded experience. Don’t force them. Make it clear what they are missing, but respect the choice.
What about deferred deep links?
If a user installs from a marketing campaign, capture the campaign and the intended destination. Carry both through onboarding and route the user to the destination after completion.
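The onboarding state machine from the Architecture section, combined with the deferred deep link handling described above, as an added example that is not code from the original page. State names, event names and routes are assumptions; the sketch treats the campaign destination and any out-of-order event (such as a verification deep link arriving before sign-up) as untrusted input.

```javascript
// Added example: states, events and routes are hypothetical, not from the page.
const TRANSITIONS = {
  welcome:        { SIGN_UP_TAPPED: "emailEntry", SIGN_IN_TAPPED: "signIn" },
  emailEntry:     { EMAIL_SUBMITTED: "awaitingVerify", ACCOUNT_EXISTS: "signIn" },
  // Assumption: EMAIL_VERIFIED is sent only after the backend accepts the
  // token carried by the verification deep link, never on link open alone.
  awaitingVerify: { EMAIL_VERIFIED: "firstRun", RESEND_REQUESTED: "awaitingVerify" },
  signIn:         { SIGNED_IN: "firstRun" },
  firstRun:       {},
};

// In-app destinations a campaign link may route to (hypothetical routes).
const ALLOWED_ROUTES = new Set(["/home", "/offers", "/playlist"]);

// Accept only an allowlisted in-app path; anything else falls back to /home.
function safeDestination(raw) {
  if (typeof raw !== "string" || !raw.startsWith("/") || raw.startsWith("//")) {
    return "/home";
  }
  const path = raw.split(/[?#]/)[0];
  return ALLOWED_ROUTES.has(path) ? path : "/home";
}

function createOnboarding(deferredLink) {
  const events = []; // analytics queue, flushed to the backend elsewhere
  const destination = safeDestination(deferredLink);
  let state = "welcome";
  return {
    get state() { return state; },
    events,
    // Apply an event; events not valid in the current state are logged and ignored.
    send(event) {
      const table = TRANSITIONS[state];
      if (!Object.prototype.hasOwnProperty.call(table, event)) {
        events.push({ step: "rejected", event, state });
        return false;
      }
      events.push({ step: event, from: state, to: table[event] });
      state = table[event];
      return true;
    },
    // The deferred destination is released only once onboarding is complete.
    route() { return state === "firstRun" ? destination : null; },
  };
}
```

Rejected events land in the same analytics queue as funnel steps, so unexpected deep link opens show up in the funnel data.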