Sign In with Apple — quick login for privacy geeks
Credit to Author: Sergey Golubev| Date: Thu, 27 Jun 2019 11:41:02 +0000
At its Worldwide Developer Conference earlier this June, Apple presented its new authentication system, Sign In with Apple, which lets users create new website and app accounts using their Apple ID. It’s supposed to be very simple: One click or a tap and you are signed in. According to the plan, the system is going to be tested this summer to become available to the general public toward year end.
The idea is not new: Facebook and Google have had a similar option for some years now. But the approach Apple chose differs fundamentally from those of its predecessors. Here’s why.
How does it work with Google and Facebook?
Many websites and apps offer Facebook Login and Google Sign-In options. It seems simple and convenient enough: one click and you don’t have to make up any new logins and passwords. Facebook and Google themselves will tell the new resource who you are, plus share some of the data from your profile, such as your e-mail, name, and avatar. But they may also share more than that.
Thus, when laying out the advantages its button offers to developers, Facebook notes that it may give a website or app a fully detailed record of the user, a volume and level of information the resource in question would never have collected that quickly. Yet in most cases you will be asked whether you are ready to share, let’s say, your contacts or interests.
Source: Apple’s keynote at WWDC 2019
As for your activities on the new resource, Facebook or Google will learn all about them without fail. Thus, if you log in to TripAdvisor through Facebook, the social network will be informed about your orders and feedback, and it will be able to serve you ads of, let’s say, last-minute travel offers for your preferred destinations. Some people may like such complaisance, but not all are prepared to share further details about their online experience with the social network. Especially if one recalls that sometimes, such information leaks from Facebook.
How is it going to work with Apple?
The Sign In with Apple system, just like its Facebook and Google counterparts, offers a quick way to register on a website or app without creating more logins and passwords. Yet unlike its predecessors, Apple is all about privacy.
The company promises not to keep track of your activities in the services you visit through the new feature and to give those services basically no information about you. The only pieces of data the new website or app will get are your name, e-mail, and the unique ID needed to create a new account for you.
Sign In with Apple offers a choice of whether to share your real e-mail address. Source: Apple’s keynote at WWDC 2019
Moreover, you will be able to keep your real e-mail address secret if you prefer. Instead, Apple will give the new resource a randomly generated mailbox and automatically forward letters from it to your real one without saving them on its server. A new temporary e-mail address will be generated each time a new account is created using Sign In with Apple. If something goes wrong, you will be able to deactivate any of these temporary e-mail addresses at any time. If you do, all those who had been writing to it, including spammers, will lose contact with you.
Examples of randomly generated e-mail addresses used to sign up with different apps through Sign In with Apple. Source: Apple’s keynote at WWDC 2019
System security was another one of Apple’s concerns. In particular, it has provided a two-factor authentication option. Apple device users will be able to prove their identity using Face ID, Touch ID, or a six-digit code.
Sign In with Apple — it’s not for everyone
Despite the advantages of the new system, in some respects it still is inferior to existing quick-sign-in buttons: Whereas Facebook or Google login options are available across platforms, Sign In with Apple mostly targets Apple device users.
The company points out that the magic button will be featured on all Apple gadgets, including Apple TV and Apple Watch. For devices running non-Apple operating systems, such as Android, only the website login option will be provided. It is supposed to work in all browsers.
Fraud protection functionality, too, may appear questionable in Sign In with Apple. The system uses it to figure out who wants to sign in to an account — a real person or a bot — and informs the service this account is on. On the one hand, the technology will very likely be able to block malicious attempts to log in under your name.
On the other hand, however, the company admits that the system is not perfect and may mistake real persons for bots. If you are a new user with a new device, and the system knows nothing about you just yet, it may find your behavior suspicious. Whether such a user will be successful logging in and what happens next will depend on how this particular service treats the information that the antifraud system supplies.
Sign In with Apple: Users must have a choice
So far, it looks like app developers may have little enthusiasm about Sign In with Apple. The more an app knows about you, the better it is able to customize adds, and the more money its makers are able to draw from advertisers. Apple’s button urges apps to be satisfied with little, which is unprofitable for them. Still, developers cannot ignore the new technology.
Apple chose quite a radical approach to its system deployment. Anyone seeking to distribute apps through the App Store while offering authentication through Google, Facebook or another third-party service will have to add Sign In with Apple to their list of options. And according to company officials, users must have a choice whether to allow different resources to collect their data.
Requirements for apps that use only good old registration with handcrafted login and password will suffer no change, though. Still, it has been observed on the Internet that Apple is stacking the deck by using its monopoly position to put pressure on developers.
As you see, Sign In with Apple is a convenient authentication tool for those unwilling to share their personal data unless they really have to, but so far not quite as widely applicable as the Facebook or Google login buttons. Also, for now the developers’ handouts are the only source of information about the new system. What its actual implementation will be like, time will tell.