What's the problem with 'Sign in with Apple' from the perspective of app developers?



Jeff Hunter, CEO of the

AnyList app, which shares a shopping list with family, pointed out the problem with ' Sign in with Apple, ' which allows you to log in to various apps and services with your Apple ID.

Why AnyList Won't Be Supporting Sign In with Apple-AnyList Blog
https://blog.anylist.com/2020/06/sign-in-with-apple/

Apple is on March 26, 2020, iOS 13 in Store Apple SDK that defines the corresponding period of the June 30 announcement was. In it, Apple requires 'sign in with Apple' to be a requirement that must be adhered to when registering an app in the Apple Store. As a result, developers delivering apps in the Apple Store were forced to either 'sign in with Apple' or make significant changes to the app's specifications.

Mr. Hunter, who provides the shopping list sharing application 'AnyList', updated the official blog on June 29, 'After considering the benefits of 'Sign in with Apple', we decided not to support it. We understand that this decision can be embarrassing to some users, so we will elaborate on the reasons for the decision.'



According to Hunter, the login system that uses not only 'Sign in with Apple' but also services of other companies complicates dealing with users who have forgotten their registered email addresses and passwords, which is a headache for many customer support. It will be the seed of. But 'Signing in with Apple' has its own problems that other login systems don't have, Hunter points out.

One of the problems is that 'Apple ID is tied to iCloud service email address'. Therefore, many users will use 'Sign in with Apple' using their iCloud email address, and the iCloud email address will also be used to contact users from the service side.

However, the majority of users use email services such as Gmail and Yahoo on a daily basis and do not regularly check their iCloud emails. Due to this, AnyList said that it was becoming commonplace that 'the user did not notice the reply to the user who contacted customer support, and the angry user sent inquiries many times'.



Another issue is the ability to ' private mail '. This is a privacy feature that allows you to create an account with a unique email address generated by Apple in a random string instead of your email address.

If you set ``Private Mail Privately'', you can use the service without telling the service side your own e-mail address, but instead, when users contact customer support, random characters generated by Apple You'll have to look up the email address in the column.

This problem is a major obstacle to services that use account names to share information with others, such as AnyList. Even people who know the email addresses of family and partners rarely know the random strings that are automatically generated.



In addition, there is a problem that if you use 'Sign in with Apple', it will be very complicated for the developer to process the user account information on the system, and you will need to set up an account for 'Sign in with Apple' There have also been reports of serious flaws that could allow hijacking.

You can read more about this issue in April 2020 by reading the article below.

Vulnerability that websites and applications are taken over by Apple's authentication system ``Sign In with Apple'', discoverers receive bounty over 10 million yen from Apple-GIGAZINE



For this reason, Hunter said, 'Signing in at Apple' may be unwise to use systems that are immature enough to expose serious security risks.

in Software,   Security, Posted by log1l_ks