Access Management , Governance & Risk Management , Identity & Access Management
Apple Emphasizes Privacy With Single Sign-On Feature
'Sign in With Apple' Seeks to Halt TrackingThe "social login" has always been a bit of a devil's bargain.
See Also: Beyond MFA: The Trick to Securing Machine Identities
Sure, it was convenient to seamlessly use Facebook or Google credentials to log in to another app or service. The social login offered an easy alternative to the fatigue of creating yet another set of login details.
But using Facebook or Google credentials for another app or service opens the door for granular observation of a user's internet activity, and that information can be used for targeted advertising. Plus, services could immediately learn more about those who were visiting their sites or using their apps based on data passed to them by Google and Facebook.
Now, however, Apple is seeking to upend those kinds of data exchanges as it increasingly seeks to use privacy as a competitive advantage. At Apple's Worldwide Developers Conference in San Jose on Monday, Craig Federighi, Apples' senior vice president of software engineering, introduced a new single sign-on authentication mechanism within iOS 13, the latest mobile operating system due to be released later this year.
The feature, called "Sign in with Apple," will allow for Apple credentials to be used to sign into other apps and services. Federighi says Apple wanted to solve the problem of social logins being used as data collection tools.
"Your personal information sometimes gets shared behind the scenes, and these logins can be used to track you," Federighi says.
Reduced Data Sharing
The difference, however, is that Apple will share little information with those services. Apps will only be able to ask for a user's name and email address. And users can choose not to reveal their real email address. Instead, Apple will create a unique address to supply to an app, and then email communications from the app will be forwarded. This borrows from other privacy-focused services that offer persistent and unique email addresses.
For example, Abine's Blur service offers "masked" email addresses and the ability to turn off forwarding if a service sends too many emails. Likewise, Federighi says Apple users will be able to turn off the forwards.
Assigning unique email addresses to different services also blunts the impact of data breaches. If a service gets hacked or exposes that unique forwarding email, it's not as big of a deal. Plus, if a separate service starts sending communications to the unique email address, it will be obvious which one has had a security incident.
Apple says it won't track the login activity. "You're in control of your data," the company says.
Threat to Targeted Advertising?
Some observers say that "Sign in with Apple" could pose problems for the advertising businesses of Google and Facebook. Email addresses are key data for targeting ads. But persistent, unique emails would foil that targeting.
"Apple has 1 billion device owners," writes Steve Cheney, co-founder of Estimote, a company that specializes in wireless sensor app technology. "Make no mistake, 'Sign in with Apple' can severely fracture the ad $$$ engines of FB and Google."
Apple's control of the App Store and wide deployment of iOS devices gives it power to impose the feature. It plans to require developers to enable "Sign in with Apple" for apps that support other third-party login tools, and a beta testing program will be launched later this year.
That doesn't mean users have to use it - they can still opt to create their own set of new credentials - but the apps must offer it.
Some observers have questioned whether apps will accept Apple's unique email addresses. Some services forbid registration of accounts with email addresses using certain domains. But crossing Apple isn't likely to benefit an app or service.