One of the major security messages from Apple's Worldwide Developer Conference this week is Apple's new requirement that app developers must implement the company's new single sign-on solution, Sign in with Apple, where they already offer another third-party sign-in system .
Apple's decision to claim its button in these scenarios is considered risky – especially at a time when the company is at the junction of the US Department of Justice over antitrust issues. Apple's position in the case is that it wants to give its customers a more private choice.
From a security perspective, Apple provides a better option for both users and developers, as well as other social login systems that have previously been hit by massive security and privacy violations.
Apple's system also comes with features that benefit iOS app developers ̵
For consumers get the same sign and log in as with other services, but with the knowledge that the apps do not share the information with a device,
If consumers decide not to share their real email, Apple will generate a random – but genuine and genuine email address.
Consumers can also choose whether to share their email with the app developer.
ver ified – email address for that app to use, then the route emails the app wants to send to that address. The user can choose to disable this app email address at any time – for example, if they start getting spam, for example.
The ability to create one-time emails is not new. You can add pluses (+) or dots (.) To your Gmail address, such as configuring filters to delete email addresses from addresses that are compromised. Other email providers offer similar features.
However, this is the first time a large technology company has given customers not only the ability to create these private app login email addresses, but to disable the addresses at any time if they wish to stop receiving emails on them.
Despite the benefits of the system, the news made many wonder how the new Sign In with the Apple button would work, in practice, at a more detailed level. We have tried to answer some of the more burning and common questions. There are probably many more questions that will not be answered before the system goes live for developers, and Apple updates the App Review policy, which is the fast-paced rules for apps that decide to enter the App Store.
1) What information does the app developer receive when a user chooses Logging in with Apple?
The developer only receives the user's name associated with their Apple ID, the user's verified email address – or the random email address that routes email to their inbox while protecting their privacy – and a unique stable identifier that allows them to set up the user's account in the system.
Unlike Facebook, which has a treasure chest of personal information to share with apps, there are no other permission settings or dialogs with Apple's login that confront the user having to choose which information the app can access. (Apple won't have anything more to share, anyway, as it doesn't collect user data like birthday, hometown, Facebook likes or a friends list, among other things.)
2) Must I sign up again with the app when I get a new iPhone or switch over to use the app on my iPad?
No. For the end user, logging in with the Apple option is as fast as using the Facebook or Google option. It's just a push to get into the app, even when moving between Apple devices.
3) Have you signed in with Apple work on Apple Watch? Apple TV? Mac?
Sign in with Apple on all Apple devices – iOS / iPadOS devices (iPhone, iPad and iPod touch), Mac, Apple TV and Apple Watch.
4) But what about Android? What about web apps? I use my apps everywhere!
It's a solution, but it's not so seamless.
If a user registers an app on their Apple device – such as the iPad, they will use the App on a non-Apple device, such as their Android phone, they will be sent to a web view.
Here they see a login with the Apple Login screen where they will enter their Apple ID and password to complete the sign. This will also be the case for web apps that need to provide the Apple Login log.
(Apple does not offer a native SDK for Android developers, and honestly it is not likely to do so soon.)
5) What happens if you click Sign in with Apple, but you have Forgot you already registered for that app with your email address?
Sign in with Apple integrate with iCloud keychain, so if you already have an account with the app, the app will notify you of this and ask you to sign in with your existing email instead. The app will check this for the domain (e.g., Uber), not by trying to match the email address associated with your Apple ID. This may be different from the email address registered for the account.
6) If I let Apple create a random email address for me, does Apple now have the opportunity to read my email?
No. For those who want a random email address, Apple offers a private email relay service. That means there is only routing email to your personal inbox.
Developers must register with Apple which email domains they will use to contact their customers offer two factor authentication
On Apple devices, users authenticate either touch ID or face ID of a second layer of protection beyond combination of user name and password.
On non-Apple devices, Apple sends a six-digit code to a trusted device or phone number.
8) How do I register with Apple that I am not a bot?
App developers access Apple's robust fraud technology to identify which users are genuine and may not be genuine. This is technology that it has built up over the years for its own services, such as iTunes.
The system uses machine learning on the machine and other information to generate a signal for developers when a user is verified as "real". This [a] no does not mean that the user is definitely a a bot – they could only be a new user on a new device. However, the developer can take this signal into account when giving access to features in their apps, or when running his own anti-fraud detection measures, for example.
9) When does an app have to offer log in with Apple?
Apple requires that the button be offered when another third-party login option is offered, such as Facebook's login or Google. Please note that Apple does not say "social" login though.
This requirement is what is shocking people as it seems to be heavy-handed.
But Apple believes that customers deserve a private choice, which is why it does the signup. required when other third party options are provided.
But developers do not have to use Sign in with Apple. They can choose to use their own direct login instead. (Or they can offer a direct login and log in with Apple if they want.)
10) If the apps only offer log in with Apple if they offer Google and / or Facebook login options, or Teller a Twitter, Instagram or Snapchat login button as well?
Apple has not specified this only for apps with Facebook or Google logins, or even "social" logins. Just a third-party login system. While Facebook and Google are obviously the largest providers of third-party application log-in services, other companies, including Twitter, Instagram and Snapchat, have also developed their own login options.
As third party providers, they will also fall under this new developer requirement.
11) Does the app to put on the Login with the Apple button on top of the other options otherwise be rejected from the App Store?
Apple is suggesting its button being prominent .
The company so far has only provided design guidelines to app developers. The App Store Guidelines, which dictate the App Store refusal rules, will not be updated this fall.
And it is the design guidelines that say the Apple button should be at the top of a stack of other third-party characters -In the recently reported buttons.
The design guidelines also say that the button must be the same size or larger than the competition buttons, and users should not scroll to see the Apple button.
But to be clear, this is Apple's proposed design patterns, not requirements. The company does not make its design proposal law because it knows that developers need some flexibility when it comes to their own apps and how to give their own users the best experience.
12) If the app only has users to register with the phone number or just their email, it must also offer the Apple button?
Not at this time, but developers can add the option if they want.
13) When signing in with Apple, will the app still make you verify your email address by clicking on a link they send you?
No. Apple confirms you so you don't have to do it anymore.
14) What if the app developer needs you to sign in with Google because they provide some of the app that works with Google services, such as Google Disk or Docs, for example?
This user experience would not have been good. If you signed in with Apple's login, then you will need to do another Google authentication once in the app.
It is unclear at the moment how Apple will handle these situations, as the company has not offered any kind of exception list for the claim, nor for app developers to request exceptions. The company did not give us an answer when we asked directly.
It may be one of those cases where this is handled privately with specific developers, without announcing anything public. Or it can't make any exceptions at all, ever. And if regulators addressed Apple's requirements, it could also change. Time will tell.
15) What if I currently log in with Facebook but want to switch to Log in with Apple?
Apple does not provide a direct way for customers to switch to themselves from Facebook or any other Apple ID login. Instead, it leaves migration to developers. The company's attitude is that developers can and should always offer a way for users to stop using their social login, if they choose.
Previously, developers could offer users a way to sign in only with their email instead of the third-party login. This is especially useful in cases where users delete their Facebook accounts, for example, or remove apps to access the Facebook information.
When Apple ID launches, developers can offer customers a way to switch from a third-party login to sign in with the Apple ID in a similar way.
Do you have more questions you would like Apple to answer? Email me at firstname.lastname@example.org