Sign In With Apple
Auto Added by WPeMatico
Auto Added by WPeMatico
One of the bigger security announcements from Apple’s Worldwide Developer Conference this week is Apple’s new requirement that app developers must implement the company’s new single sign-on solution, Sign In with Apple, wherever they already offer another third-party sign-on system.
Apple’s decision to require its button in those scenarios is considered risky — especially at a time when the company is in the crosshairs of the U.S. Department of Justice over antitrust concerns. Apple’s position on the matter is that it wants to give its customers a more private choice.
From a security perspective, Apple offers a better option for both users and developers alike compared with other social login systems which, in the past, have been afflicted by massive security and privacy breaches.
Apple’s system also ships with features that benefit iOS app developers — like built-in two-factor authentication support, anti-fraud detection and the ability to offer a one-touch, frictionless means of entry into their app, among other things.
For consumers, they get the same fast sign-up and login as with other services, but with the knowledge that the apps aren’t sharing their information with an entity they don’t trust.
Consumers can also choose whether or not to share their email with the app developer.

If customers decide not to share their real email, Apple will generate a random — but real and verified — email address for the app in question to use, then will route the emails the app wants to send to that address. The user can choose to disable this app email address at any time like — like if they begin to get spam, for example.
The ability to create disposable emails is not new — you can add pluses (+) or dots (.) in your Gmail address, for example, to set up filters to delete emails from addresses that become compromised. Other email providers offer similar features.
However, this is the first time a major technology company has allowed customers to not only create these private email addresses for sign-ins to apps, but to also disable those addresses at any time if they want to stop receiving emails at them.
Despite the advantages to the system, the news left many wondering how the new Sign In with Apple button would work, in practice, at a more detailed level. We’ve tried to answer some of the more burning and common questions. There are likely many more questions that won’t be answered until the system goes live for developers and Apple updates its App Review Guidelines, which are its hard-and-fast rules for apps that decide entry into the App Store.

1) What information does the app developer receive when a user chooses Sign In with Apple?
The developer only receives the user’s name associated with their Apple ID, the user’s verified email address — or the random email address that routes email to their inbox, while protecting their privacy — and a unique stable identifier that allows them to set up the user’s account in their system.
Unlike Facebook, which has a treasure trove of personal information to share with apps, there are no other permissions settings or dialog boxes with Apple’s sign in that will confront the user with having to choose what information the app can access. (Apple would have nothing more to share, anyway, as it doesn’t collect user data like birthday, hometown, Facebook Likes or a friend list, among other things.)
2) Do I have to sign up again with the app when I get a new iPhone or switch over to use the app on my iPad?
No. For the end user, the Sign In with Apple option is as fast as using the Facebook or Google alternative. It’s just a tap to get into the app, even when moving between Apple devices.
3) Does Sign In with Apple work on my Apple Watch? Apple TV? Mac?
Sign In with Apple works across all Apple devices — iOS/iPadOS devices (iPhone, iPad and iPod touch), Mac, Apple TV and Apple Watch.
4) But what about Android? What about web apps? I use my apps everywhere!
There’s a solution, but it’s not quite as seamless.
If a user signs up for an app on their Apple device — like, say, their iPad — then wants to use the app on a non-Apple device, like their Android phone, they’re sent over to a web view.
Here, they’ll see a Sign In with Apple login screen where they’ll enter their Apple ID and password to complete the sign in. This would also be the case for web apps that need to offer the Sign In with Apple login option.
This option is called Sign In with Apple JS as it’s JavaScript-based.
(Apple does not offer a native SDK for Android developers, and honestly, it’s not likely to do so any time soon.)
5) What happens if you tap Sign In with Apple, but you forgot you already signed up for that app with your email address?
Sign In with Apple integrates with iCloud Keychain so if you already have an account with the app, the app will alert you to this and ask if you want to log in with your existing email instead. The app will check for this by domain (e.g. Uber), not by trying to match the email address associated with your Apple ID — which could be different from the email used to sign up for the account.
6) If I let Apple make up a random email address for me, does Apple now have the ability to read my email?
No. For those who want a randomized email address, Apple offers a private email relay service. That means it’s only routing emails to your personal inbox. It’s not hosting them.
Developers must register with Apple which email domains they’ll use to contact their customers and can only register up to 10 domains and communication emails.
7) How does Sign In with Apple offer two-factor authentication?
On Apple devices, users authenticate with either Touch ID or Face ID for a second layer of protection beyond the username/password combination.
On non-Apple devices, Apple sends a six-digit code to a trusted device or phone number.
8) How does Sign In with Apple prove I’m not a bot?
App developers get access to Apple’s robust anti-fraud technology to identify which users are real and which may not be real. This is tech it has built up over the years for its own services, like iTunes.
The system uses on-device machine learning and other information to generate a signal for developers when a user is verified as being “real.” This is a simple bit that’s either set to yes or no, so to speak.
But a “no” doesn’t mean the user is a definitely a bot — they could just be a new user on a new device. However, the developer can take this signal into consideration when providing access to features in their apps or when running their own additional anti-fraud detection measures, for example.

9) When does an app have to offer Sign In with Apple?
Apple is requiring that its button is offered whenever another third-party sign-in option is offered, like Facebook’s login or Google. Note that Apple is not saying “social” login though. It’s saying “third-party,” which is more encompassing.
This requirement is what’s shocking people as it seems heavy-handed.
But Apple believes customers deserve a private choice, which is why it’s making its sign-in required when other third-party options are provided.
But developers don’t have to use Sign In with Apple. They can opt to just use their own direct login instead. (Or they can offer a direct login and Sign In with Apple, if they want.)
10) Do the apps only have to offer Sign In with Apple if they offer Google and/or Facebook login options, or does a Twitter, Instagram or Snapchat sign-in button count, too?
Apple hasn’t specified this is only for apps with Facebook or Google logins, or even “social” logins. Just any third-party sign-in system. Although Facebook and Google are obviously the biggest providers of third-party sign-in services to apps, other companies, including Twitter, Instagram and Snapchat, have been developing their own sign-in options, as well.
As third-party providers, they too would fall under this new developer requirement.

11) Does the app have to put the Sign In with Apple button on top of the other options or else get rejected from the App Store?
Apple is suggesting its button be prominent.
The company so far has only provided design guidelines to app developers. The App Store guidelines, which dictate the rules around App Store rejections, won’t be updated until this fall.
And it’s the design guidelines that say the Apple button should be on the top of a stack of other third-party sign-in buttons, as recently reported.
The design guidelines also say that the button must be the same size or larger than competitors’ buttons, and users shouldn’t have to scroll to see the Apple button.
But to be clear, these are Apple’s suggested design patterns, not requirements. The company doesn’t make its design suggestions law because it knows that developers do need a degree of flexibility when it comes to their own apps and how to provide their own users with the best experience.
12) If the app only has users signing up with their phone number or just their email, does it also have to offer the Apple button?
Not at this time, but developers can add the option if they want.
13) After you sign in using Apple, will the app still make you confirm your email address by clicking a link they send you?
Nope. Apple is verifying you, so you don’t have to do that anymore.
14) What if the app developer needs you to sign in with Google, because they’re providing some sort of app that works with Google’s services, like Google Drive or Docs, for example?
This user experience would not be great. If you signed in with Apple’s login, you’d then have to do a second authentication with Google once in the app.
It’s unclear at this time how Apple will handle these situations, as the company hasn’t offered any sort of exception list to its requirement, nor any way for app developers to request exceptions. The company didn’t give us an answer when we asked directly.
It may be one of those cases where this is handled privately with specific developers, without announcing anything publicly. Or it may not make any exceptions at all, ever. And if regulators took issue with Apple’s requirement, things could change as well. Time will tell.
15) What if I currently sign in with Facebook, but want to switch to Sign In with Apple?
Apple isn’t providing a direct way for customers to switch for themselves from Facebook or another sign-in option to Apple ID. It instead leaves migration up to developers. The company’s stance is that developers can and should always offer a way for users to stop using their social login, if they choose.
In the past, developers could offer users a way to sign in only with their email instead of the third-party login. This is helpful particularly in those cases where users are deleting their Facebook accounts, for example, or removing apps’ ability to access their Facebook information.
Once Apple ID launches, developers will be able to offer customers a way to switch from a third-party login to Sign In with Apple ID in a similar way.
Do you have more questions you wish Apple would answer? Email me at sarahp@techcrunch.com
Powered by WPeMatico
Sharing with everyone is passé and more than a little bit scary these days. We want to send photos to friends without posting them publicly. We want to reminisce without being permanently defined by our timelines. And we want the utility of apps without giving away our contact info to developers.
The problem is that this philosophy is hard to monetize for a social network that needs to maximize broadcasted content and engagement to score ad views. But it’s easy to monetize if you sell the phone and then let people be as private as they want on it. That’s why today at WWDC, Apple showed off changes that turn iOS into the asocial network — software that mimics the tools of Facebook but without the pressure to overshare.
Most stunningly, Apple will require apps that offer third-party login options like those from Facebook and Google to integrate its new Sign In With Apple feature that lets users hide their email addresses from developers. It’s a power move that makes Facebook look wreckless with your contact info by comparison.
Privacy has been a core Apple talking point for years, from the iPhone’s secure enclave and FaceID to message encryption to protection against tracking. But those safeguards have been focused on getting out of the way to let Apple’s products to ‘just work’. Increasingly, Apple is moving privacy further forward in the user experience to highlight how you can get more out of sharing less. That’s a wise strategy since the company has proven its inability to build full scale social networks out of Ping, Apple Music Connect, and iMessage.
“At Apple, we believe privacy is a fundamental human right and we engineer it into every single thing we do” said Apple SVP Craig Federighi . Mark Zuckerberg declared “The future is private” at Facebook’s F8 conference a month ago, but proved it wasn’t his company’s past or present by failing to launch products that protect users. Now like Google did at I/O a few weeks ago with a slew of privacy tech launches, Apple is actually living up to its talking points with today’s beta release of iOS 13.
Photo Message Recommendations – When you bring up the Share Sheet for a photo or video in iOS 13, Apple will recommend people to send it to over iMessage or Mail based on who you frequently share with and if friends appear in the content. With a few taps you can privately deliver your imagery to a slew of your closest friends and favorite group chats, which could eliminate the need to post it more widely on Facebook or Instagram.

Asocial Media Tools – Instagram offers no way to download a photo or video you edit without first posting it to the feed first. That greedy growth hack leaves room for Apple to usurp more of the creative process. iOS 13 will let you edit videos for lighting, color, contrast, and more plus rotate clips you accidentally shot sideways — all which Instagram and Facebook can’t do. Forgoing the social network side lets Apple focus on tools that you’re free to use however you want.
And with the new Photo Day feature, Apple automatically hides and emphasizes different photos from each day to create magazine-style layouts. These ignite nostalgia and create a visual diary without the embarassment of all that content being on social media to power those TimeHop and Facebook On This Day features.

Memoji – To date, Apple’s interest in animated avatar masks that look like you has centered around FaceTime and video messages. But now it’s realizing how these virtual mini-me’s can enhance privacy while connecting more deeply. iOS 13 will let you opt to share your name and Memoji (or a real photo) as your message thread thumbnail in iMessage so new conversation partners like group chat friends-of-friends can better identify you without showing strangers your actual face. And Memoji can now be used as pre-generated stickers in chat, making it a direct competitor to Snapchat’s Bitmoji and Facebook’s Avatars that just launched today.

AirPods Audio Sharing – What if instead of trumpeting what you’re listening to on social media or fumbling to text a song link to a friend, they could just instantly pipe the sound into their headphones too so you’re rocking out in sync? That’s how the upcoming AirPods Audio Sharing works to let you exchange music privately over Bluetooth without exposing your guilty pleasure jams.

Apple’s most brazen attack saw it call out the social network by name on screen at WWDC. Flashing logos for “Sign In With Facebook” and “Sign In With Google” that are popular for joining new apps without setting up an account, Federighi noted that “This can be convenient, but it also can come at the cost of your privacy. Your personal information sometimes gets shared behind the scenes. These logins can be used to track you.”

As an alternative, Apple is launching “Sign In With Apple”. It uses FaceID in lieu of asking you to create a new username and password to register for a third-party app. Federighi told users they can opt to hide their email addresses from app developers and instead have Apple provide a randomized proxy address that forwards to their real one. That means users can permanently block spam messages from the app, prevent the developer from sharing or selling their contact info, and avoid being targeted with marketing via their email address as with Facebook Custom Audience ads.
The announcement drew the loudest cheers of any at WWDC. And it seems Apple is determined to wring as much competitive advantage out of its Sign In feature as possible. You might imagine that adoption by developers would be outside of Apple’s control, and it’d have to prove it drove more lifetime value than login options that always provide a user’s real email.
But while Apple failed to mention this on stage, the fine print of its developer news brief notes that “Sign In with Apple will be available for beta testing this summer. It will be required as an option for users in apps that support third-party sign-in when it is commercially available later this year.”

Sure, developers want to maximize signups by minimizing onboarding friction, which is why Sign In With features that don’t make you remember more passwords have grown popular. Adding the Apple sign-in option should theoretically help. But developers also rely on sucking in email addresses to wake up lapsed users with message blasts, target them and people similar to them with reengagement or install ads, and exclude existing users to save money when buying ads to recruit new users.
If developers fear Sign In With Apple’s proxy email address feature will hurt them by cannibalizing registrations made with Facebook or Google that don’t offer users a way to hide their real contact info more than the convenience of a third sign-in option will help, they may try their best to bury or minimize the mandatory feature. Apple might have to incentivize growth for developers in other ways, such as heavily promoting them in the App Store if they prioritize its login option to offset the lifetime value per user decline from the loss of contact info. Unless compelled by some moral imperative, developers aren’t likely to risk their business any more than they have to in the name of privacy.

It’s here that Apple will learn that taking the high road can have its speed bumps. It might monetize selling hardware, but its developer partners often still rely on constantly grabbing our attention.
Privacy is often an abstract concept to the mainstream consumer, that doesn’t dictate their decisions, judging by Facebook’s continued user growth. That’s why promotional campaigns around the philosophy of privacy can seem to have little impact. But by building products and platforms that are objectively more useful yet more privacy-friendly than those of competitors, Apple can allow natural market forces to sweep users in the right direction — which just happens to lead into its shiny retail stores.
Powered by WPeMatico