On the potential of Sign in with Apple
Ray Walsh, data privacy expert at ProPrivacy.com: "The concept of being able to sign in without using a real email address is a step in the right direction for consumers. Being able to sign in without sharing a real email address removes one crucial bit of data from those services' hands. However, web services still get to collect other crucial data from users when they visit their sites -- which can still be used to track them. When you visit a website, that service automatically receives your IP address; this is an extremely valuable tracking tool. Thus, Sign in with Apple is only removing one small piece of trackable data from the equation."
Dana Simberkoff, chief risk, privacy and information security officer at AvePoint: "[Sign in with Apple] represents another opportunity for Apple to use its long-standing commitment to privacy to enter a new market and to take some market share from its competitors that have been less privacy forward-thinking. If it's done right, not only [is it] a win for Apple but also a win for consumers that may be able to take advantage of a more privacy-centric sign-in option. Apple CEO Tim Cook has frequently spoken about the company's position against the collection of personal data. In particular, Cook has singled out the assembly of profiles of consumers for the purpose of targeting advertisements -- the heart of how Google and Facebook make money."
Matthew Hudnall, PhD, associate director and assistant professor of management information systems at the University of Alabama: "'Sign in with Apple is a much-needed feature that fits in well with [Apple's] evolving user-centric ecosystem. [It] represents the first shift away from the traditional keychain paradigm to one where hardware verified biometric identities coupled with dynamic credential generation, storage and verification remove the need for traditional passwords. While Apple is certainly not the only game in town trying to kill off passwords, they are definitely doing so in the manner with which we have come to expect from Apple: all or nothing."
Florian Schaub, assistant professor at the University of Michigan School of Information: "The ability to easily generate random email addresses and Apple handling the management of those credentials will make it much easier for consumers to protect their personal information when interacting with mobile apps and online services. It's interesting to see Apple take on the well-established single sign-on offerings by Google, Facebook and others but with a focus on making it easier for people to protect their privacy. It will of course require you to trust Apple to stay true to its promise and not track or analyze with which services you have accounts and how often you log in to those."
On whether Sign in with Apple is a viable, safer alternative to Facebook or Google's sign-in options
Walsh: "Signing into a service automatically using Google or Facebook is seen as problematic because it allows a connection to be made between those services. This leads to data being shared across the platforms and can cause varying levels of corporate tracking to take place from Facebook/Google to the service in question and vice versa. Allowing Apple to sign you into a service simply connects the service to Apple rather than Google or Facebook. However, it is still allowing a connection to be made between two services that could lead to data being accessed and shared across those platforms. Thus, it really depends how much you trust Apple over Facebook or Google as to how much better having them sign you in really is.
"My advice to consumers is for them to log in to all services directly each time; without connecting them to any third-party services. This will require an email address, but the consumer can simply use a burner email -- or an alias provided by a secure email provider. This removes the privacy and security concerns associated with sharing their email address but also removes the bigger problem of giving cross-platform access to information across distinct platforms and services."
Simberkoff: "The answer depends in part on the website and service for which you are registering. Arguably, a company like Apple may be better positioned to protect your identity and privacy than a number of smaller organizations and services that you might join and provide credentials to individually. Additionally, because consumers are often sloppy when it comes to creating accounts and passwords, they often use the same username and password in multiple locations. If this is the case, trusting that 'identity' to a smaller business may increase the likelihood of it being compromised in a breach or through a security issue.
"By using a single sign-on with privacy protections, consumers may be better protected. With that being said, if Apple were to have a failure it would create a significant impact. However, at least we know that they are unlikely to monetize this personal information in the same way that Facebook and Google have historically done."
Hudnall: "It is very viable, and due to Apple's tight control over its entire ecosystem, it is very likely that this will be rapidly adopted. The 'who has the fastest/best hot rod' competition that currently exists between Apple/Google/Facebook/Microsoft is excellent for consumers as technology is evolving rapidly. It is great to see that privacy and security will now be one of those contested battlegrounds and this announcement will pour fuel on that fire.
"There is no one technology or company that has significantly better enterprise stack, personnel, or resources. Apple does though have far greater control over its products and services than any of its competitors. Unlike Facebook who is solely reliant on host system hardware devices and Google who has limited input/control on the majority of devices running its software, Apple has complete control over the hardware and software verification processes. This certainly better positions Apple to implement a system that better ensures user privacy."
Schaub: In terms of viability, I have little concern. Apple is using its Apple ID accounts for authentication with a large number of Apple services already so it's now just making some of that functionality available for use with third parties. The big difference is that Apple is positioning Sign in with Apple as a privacy feature, whereas Facebook and Google present their single sign-on services as a convenience feature. Apple is and has been using privacy as a differentiating factor given that their business model centers around selling devices and now service subscriptions to its customers, as well as profiting from content provided through their platforms.
"Facebook and Google's business models, on the other hand, are largely based on being very good at targeting ads to people, which requires tracking people's online and app behavior. Having their single sign-on buttons on more webpages gives Facebook and Google more data points about which apps and services you use and how often. At least so far, Apple doesn't."