Apple's new authentication feature 'Sign In with Apple puts user privacy at risk,' OpenID Foundation raises concerns

by Trending Topics 2019

In the keynote speech of the developer conference ' WWDC 2019 ' held in June 2019, Apple announces Apple's new sign-in function 'Sign In with Apple'. We have announced that a new feature will be implemented in iOS and macOS in the future that can be logged in safely without entering a login ID or password for third party apps. But this 'Sign In with Apple puts user privacy at risk,' the OpenID Foundation has expressed concern and has published a public questionnaire on the site for Apple.

Open Letter from the OpenID Foundation to Apple Regarding Sign In with Apple | OpenID
https://openid.net/2019/06/27/open-letter-from-the-openid-foundation-to-apple-regarding-sign-in-with-apple/

OpenID Foundation questions Sign in with Apple-9to5Mac
https://9to5mac.com/20019/06/30/openid-foundation-sign-in-with-apple/

OpenID Foundation says 'Sign in with Apple' has critical gaps, urges changes
https://appleinsider.com/articles/19/06/29/openid-foundation-says-sign-in-with-apple-has-critical-gaps-urges-changes

'Sign In with Apple', announced by WWDC 2019, Senior Vice President of Software Engineering at Apple, Mr. Craig Federigi, is a new sign-in feature implemented on Apple's new operating system macOS Catalina and iOS 13 .

With this feature, Apple's authentication system via Face ID and Touch ID allows you to log in to third-party apps, eliminating the need for Apple users to create and enter login IDs and passwords for each app. At the same time, Federigi said, 'We are going to oblige third-party developers to adopt Sign In with Apple.'

On the other hand, the OpenID Connect standardization organization and OpenID Foundation, which are widely adopted for Facebook, Twitter, and Google's social login , have expressed concern through the public inquiry. The first sentence of the letter to Mr. Federigi was quite ironic: 'The OpenID Foundation appreciates Apple's efforts to achieve a secure login feature using OpenID Connect.' .

In the text of the following questionnaire, Sign In with Apple points out that OpenID Connect's technology is 'very heavily used or at least quite aware' and accuses users of putting their privacy and security at risk. The following requirements have been made to Apple.

1. Eliminate the gap between Sign In with Apple and OpenID Connect.
2. Take advantage of OpenID Connect's conformance test suite to improve Sign In with Apple security and interoperability.
3. Publicly state that 'Sign In with Apple is compatible with the widely used OpenID Connect and is interoperable.'
Four. Join the OpenID Foundation.

The questionnaire, signed by Mr. Natsuhiko Sakimura , President of the OpenID Foundation, said, “The OpenID Foundation and the community are highly welcomed by the response from Apple. Thank you for your consideration. It is done.