Apple ignited the battleground on privacy and security on June 4, when it unveiled Sign-In With Apple at the start of its five-day annual developers conference in San Jose, California.
Sign-in With Apple is a login feature, letting people use their Apple IDs to sign up for sites and services on the Web.
Users can also choose this sign-in feature to anonymise their e-mail addresses by selecting it to create a random email address to share with third-party apps.
This randomly generated e-mail address would also forward messages to users’ real e-mail accounts. Users can shut the addresses down whenever they want.
Apple is pitching its sign-in feature as more secure and private alternative to Login with Facebook and Sign-in with Google. It is designed to limit the amount of private information apps can get from people using its iOS and macOS devices.
Craig Federighi, Apple’s senior vice president of software engineering said that the new tool eases users’ concerns about privacy.
Apple’s new login feature will not reveal any personal information to any third-party app, he said during his presentation on new updates to iOS at the start of the conference.
Google and Facebook position their single sign-on service as a convenience feature, using it to track users’ movements on the Web, then gathering the data to target users with marketing messages.
With the massive data breaches that have been unveiled at Facebook and other organisations, Apple has presented its login tool as a privacy feature, correctly identifying the need to better provide both protection and privacy for its users.
It is a good approach for Apple to take since its profitability does not rely centrally on harvesting user information.
This login feature will be available with iOS 13 soon. Most users would welcome Apple’s stricter privacy protections. However, questions and issues remain.
1. What happens if I use Sign in with Apple and lose my iPhone or access to my Apple ID account? Greater clarity is needed here.
2. Each time a company tries to improve authentication, privacy and security, it will become a more focused target of hackers. Apple will need to ensure that it can weather any cyber attack as well as guarantee general system uptime now that it has about 1 billion iOS devices worldwide. Users will not tolerate having their single point of authentication unavailable at any point in time.
3. What measures are in place for protecting user data and ensuring that the verification process is not susceptible to man in the middle or other attack vectors?
4. Can Apple be trusted to keep user information secure and not use the data in other ways? I would be careful with sensitive accounts such as for banking and financial services.
Ultimately, the onus on ensuring personal information is private and secure also rests on users. They cannot push this responsibility to service providers. Being more cautious is a good start.
While I welcome Sign-in With Apple and I would use it for non-sensitive apps, I would keep to keep an eye on how Apple wields that power since it wields total control over the iOS apps universe.