Sign in with Apple- A new era of user privacy?

Image

In WWDC 2019, apple announced “Sign in with Apple” with an eye catching tagline “You control your data”. Sign in with apple is a new authentication option to compete with the existing sign in providers like- Facebook, Google. The fascinating part of this new authentication technique which created buzz among techies was PRIVACY. Apple has always prioritised user privacy where the other tech companies like Google and Facebook faces a lot of criticism. Though both the companies have now started taking privacy on a serious note now, Apple still remains a step ahead when it’s the about data privacy.

Even Google’s director- Mark Risher praised this new way of sign in with apple. “It will be better for the internet” he added.

Sign in With Apple feature has been rolled out lately to apple users in iOS13, Catalina OS and ipadOS updates. Apple has asked the application developers who have apps in Apple App store to implement the said feature in 180 days of the release.

Why Sign in with Apple is necessary?

Currently most of the users are using the authentication provided by social media platforms like Facebook to sign into the application which ultimately allows the developers and social media platform to trace user actions and activities which users know but don’t pay much attention.

Image

Photo taken from iphone XS while signing in Gaana application

Usually when a user opts to sign into an application using any of the social media provided authentication, he/she needs to provide a consent. A consent that the authentication will allow the app and website to share the information about you. Facebook and Google use this login information to help with user tracking and advertising.

While Apple sign in method will not be used for any of the purpose. Talking about privacy of sign in with apple, users will have to choose the option of using a randomly generated fake email address for the account. This will act like a postman which will deliver the emails to users’ actual accounts and will protect users to share the real email ids.

For example, ac@icloud.com email id will be converted into ei875b5mu@privaterelay.appleid.com and this newly generated raw email will be stored into user database and act like a firewall. If the user want to share his real mail, that option is also given.

To implement this securely, apple has used OpenId connect. It was came in light that Apple was not following the best practises earlier but now as Sign in with Apple, came into use, they have covered the bases and used the best practises recommended. Basically, Apple’s authentication feature not only make the account creation process simple but safe as well. At least safer than what we have right now using the third party authentication providers.

Image

The concept of Disposable Email Addresses is not new to the world. It is said that the developers can easily identify the DEAs generated using the enough services available on the web, but the idea here is to keep the user data safe and sound. Even though there will be challenges in customer support requirement, developers need to find a way to place a feature like user id after successful sign in, using which the user can get the support they require.

Pros and Cons

Being an apple user is a matter of delight as well as concern. This feature surely is a matter of delight for the users. They get the benefits like- built in security, privacy, simpler account creation process, anti-fraud and cross platform. Users are winner here.

While being a developer is not an easy task. You have to cop up with daily changing tech and have to upgrade the stuff even though you don’t want to. Sign in with Apple is kind of a headache for developers currently as they have to implement this feature if the application is available in Apple App Store. Being part of the apple app store, developers need to oblige the rules and policies implemented for app store. They have to provide support for this feature not only in iOS apps but also for web to maintain the user convenience. What if the user wants to log in from web rather than mobile app? For developers, a new task has been added for the development. Once that’s done, QA and Security folks will be lined up as usual to increase their work. ;)

Take on Sign in with Apple

Technology has its own pros and cons. The initiative of sign in with Apple is great even though it might have challenges like customer support, apple’s take on data transparency and hard work for developers and marketing companies. After the introduction of compliances like GDPR, FedRamp, SOC2 companies have started shifting the focus on privacy which is beneficial for users only. Also users will have less scam and fraudulent mails from untrusted sources. In a way or another, Sign in with Apple is a feature worth applauding for keeping user privacy on focus.

RELATED ARTICLES

Image

4G LTE attacks

The attacks exploit design weaknesses in three key protocol procedures of the 4G LTE network known as attach, detach, and paging.

READ MORE
Image

Wifi Security Protocols

In today’s world Wi-Fi has become the essential thing in our daily routine. The wireless networks are also not secure in this digital age.

READ MORE