Experts weigh in on Apple's private sign-in feature
Can Apple handle privacy better than Facebook or Google?
Apple's WWDC 2019 was full of announcements, but few of them garnered as big a cheer from the crowd as when Sign in with Apple was introduced. The feature, which lets people use their Apple IDs to sign up for sites and services on the web, is being touted as a privacy-oriented alternative to Login with Facebook and Sign in with Google. "We've all seen buttons like this, asking us to use a social account login to get a more personalized experience with an app, and these logins can be used to track you," Craig Federighi, Apple's senior vice president of software engineering, said on Monday during the keynote. "We wanted to solve this, and many developers do too, and so now we have the solution."
That solution, according to Federighi, is Sign in with Apple, which he says will limit the amount of private information apps can get from people using its iOS and macOS devices. Although sites and apps will still be able to request your email address, Sign in with Apple will give you the option to hide it. And here's the kicker: If you do decide not to share that information, Apple will generate a unique, random email address that can forward messages from those services directly to your main inbox. This is going to keep sites and apps from knowing your real email address, and Apple says it won't use its sign-in tool to track any of your internet activity -- which the company says is what Google and Facebook can do with their login buttons.
With Google being fined recently in Europe over data-transparency violations, and Facebook on the verge of a multibillion-dollar FTC fine for questionable data-sharing practices, they don't have the best reputations when it comes to protecting user data. That said, it's not as if Apple hasn't had privacy controversies of its own.
Back in February, The Wall Street Journal reported that multiple iOS apps were sharing data with Facebook without people's consent. Last month, the paper published another story that found a number of developers that were using kids apps to collect, track and share children's information, including name and age. Incidents like that have led Apple to limit tracking and ads in apps for kids, a privacy measure it revealed at WWDC 2019 alongside its new sign-in feature.
But can Apple truly handle privacy better than Google and Facebook? To find out, we spoke to security and privacy experts about Sign in with Apple, most of whom believe the feature could be a game changer for protecting consumers' privacy. Some also see it as a real threat to Google and Facebook's bottom line, which of course relies heavily on targeted advertising and the personal data they can access from their own sign-in tools.
On the potential of Sign in with Apple
Ray Walsh, data privacy expert at ProPrivacy.com: "The concept of being able to sign in without using a real email address is a step in the right direction for consumers. Being able to sign in without sharing a real email address removes one crucial bit of data from those services' hands. However, web services still get to collect other crucial data from users when they visit their sites -- which can still be used to track them. When you visit a website, that service automatically receives your IP address; this is an extremely valuable tracking tool. Thus, Sign in with Apple is only removing one small piece of trackable data from the equation."
Dana Simberkoff, chief risk, privacy and information security officer at AvePoint: "[Sign in with Apple] represents another opportunity for Apple to use its long-standing commitment to privacy to enter a new market and to take some market share from its competitors that have been less privacy forward-thinking. If it's done right, not only [is it] a win for Apple but also a win for consumers that may be able to take advantage of a more privacy-centric sign-in option. Apple CEO Tim Cook has frequently spoken about the company's position against the collection of personal data. In particular, Cook has singled out the assembly of profiles of consumers for the purpose of targeting advertisements -- the heart of how Google and Facebook make money."
Matthew Hudnall, PhD, associate director and assistant professor of management information systems at the University of Alabama: "'Sign in with Apple is a much-needed feature that fits in well with [Apple's] evolving user-centric ecosystem. [It] represents the first shift away from the traditional keychain paradigm to one where hardware verified biometric identities coupled with dynamic credential generation, storage and verification remove the need for traditional passwords. While Apple is certainly not the only game in town trying to kill off passwords, they are definitely doing so in the manner with which we have come to expect from Apple: all or nothing."
Florian Schaub, assistant professor at the University of Michigan School of Information: "The ability to easily generate random email addresses and Apple handling the management of those credentials will make it much easier for consumers to protect their personal information when interacting with mobile apps and online services. It's interesting to see Apple take on the well-established single sign-on offerings by Google, Facebook and others but with a focus on making it easier for people to protect their privacy. It will of course require you to trust Apple to stay true to its promise and not track or analyze with which services you have accounts and how often you log in to those."
On whether Sign in with Apple is a viable, safer alternative to Facebook or Google's sign-in options
Walsh: "Signing into a service automatically using Google or Facebook is seen as problematic because it allows a connection to be made between those services. This leads to data being shared across the platforms and can cause varying levels of corporate tracking to take place from Facebook/Google to the service in question and vice versa. Allowing Apple to sign you into a service simply connects the service to Apple rather than Google or Facebook. However, it is still allowing a connection to be made between two services that could lead to data being accessed and shared across those platforms. Thus, it really depends how much you trust Apple over Facebook or Google as to how much better having them sign you in really is.
"My advice to consumers is for them to log in to all services directly each time; without connecting them to any third-party services. This will require an email address, but the consumer can simply use a burner email -- or an alias provided by a secure email provider. This removes the privacy and security concerns associated with sharing their email address but also removes the bigger problem of giving cross-platform access to information across distinct platforms and services."
Simberkoff: "The answer depends in part on the website and service for which you are registering. Arguably, a company like Apple may be better positioned to protect your identity and privacy than a number of smaller organizations and services that you might join and provide credentials to individually. Additionally, because consumers are often sloppy when it comes to creating accounts and passwords, they often use the same username and password in multiple locations. If this is the case, trusting that 'identity' to a smaller business may increase the likelihood of it being compromised in a breach or through a security issue.
"By using a single sign-on with privacy protections, consumers may be better protected. With that being said, if Apple were to have a failure it would create a significant impact. However, at least we know that they are unlikely to monetize this personal information in the same way that Facebook and Google have historically done."
Hudnall: "It is very viable, and due to Apple's tight control over its entire ecosystem, it is very likely that this will be rapidly adopted. The 'who has the fastest/best hot rod' competition that currently exists between Apple/Google/Facebook/Microsoft is excellent for consumers as technology is evolving rapidly. It is great to see that privacy and security will now be one of those contested battlegrounds and this announcement will pour fuel on that fire.
"There is no one technology or company that has significantly better enterprise stack, personnel, or resources. Apple does though have far greater control over its products and services than any of its competitors. Unlike Facebook who is solely reliant on host system hardware devices and Google who has limited input/control on the majority of devices running its software, Apple has complete control over the hardware and software verification processes. This certainly better positions Apple to implement a system that better ensures user privacy."
Schaub: In terms of viability, I have little concern. Apple is using its Apple ID accounts for authentication with a large number of Apple services already so it's now just making some of that functionality available for use with third parties. The big difference is that Apple is positioning Sign in with Apple as a privacy feature, whereas Facebook and Google present their single sign-on services as a convenience feature. Apple is and has been using privacy as a differentiating factor given that their business model centers around selling devices and now service subscriptions to its customers, as well as profiting from content provided through their platforms.
"Facebook and Google's business models, on the other hand, are largely based on being very good at targeting ads to people, which requires tracking people's online and app behavior. Having their single sign-on buttons on more webpages gives Facebook and Google more data points about which apps and services you use and how often. At least so far, Apple doesn't."
Is Sign in with Apple actually more secure than just using a site or service's own login system?
Walsh: "No, it is always better to sign up without giving a third-party service or platform access to that separate service. It is for this reason that secure email providers allow users to set up temporary burner addresses known as aliases. It is better not to use a third-party sign-in feature to gain access to any online service. It is always better to securely log in yourself to everything without the use of a third party. If this requires consumers to remember more passwords, then they should use a reliable password manager and two-factor authentication."
Hudnall: "Yes, but with many caveats. Apple's new system is better than a traditional username/password combo that the majority of people end up reusing across multiple sites. It is also a step up from good password manager like LastPass, Keeper, or Dashlane that dynamically generate different passwords for each site. Instead of generating passwords for each site, Apple's system keeps all credential verifications (primarily biometric) within its hardware and servers.
"After a user identifies themselves, a token is generated and cryptographically signed by Apple's servers and that authentication token is passed on to a website requiring authentication. The site then phones home to Apple to verify the token and get limited information about the user. Since no credentials ever leave the Apple system(s), the process is potentially more secure. However, many aspects of the Apple system are proprietary and could contain accidental or purposeful backdoors."
Schaub: "The most important benefit [with Sign in with Apple] is that not every app or online service out there gets your real email address. Almost any app and service now requires an account -- but do you really trust all of those companies to keep your personal data safe? Data breaches are pretty common and make people susceptible to phishing attacks and identity theft.
"If using Sign in with Apple results in people having unique email addresses for each account it might be easier for them to identify unexpected phishing emails to that address and to also stop such emails as well as unwanted spam by just deleting that address, assuming that's something Sign in with Apple will allow. That's very difficult if not impossible if you're using your actual email address all over the place."
Why is Apple placing so much emphasis on privacy now?
Walsh: "Apple has long understood that by pigeonholing itself as 'better for privacy,' it will always attract a certain amount of customers. However, it is worth noting that Apple products and services -- which are closed source -- have always been understood to be non-auditable by professional security experts. This alone ought to be an eye-opener for consumers because open source code that can be audited by third parties is the cornerstone of highly praised privacy services such as Open Whispers Signal.
"In addition, evidence has already surfaced that Apple helped US intelligence agencies with its PRISM surveillance program. For this reason, it is highly questionable whether Apple should really be trusted in the way that many people blindly do."
Hudnall: "It is really a sign of the times. Apple sees the massive data breaches like Facebook, Experian, etc. and has identified the need to better provide both protection and privacy for its users. It is a banner that Apple can readily take on compared to Facebook and Google. Apple's profit model does not rely on reselling user information, so protecting it is much easier for them to say and do as it won't impact Apple's bottom line.
"Anytime a company tries to increase its market share of authentication it will inherently become a more focused target of hackers. Apple needs to make sure that it has the hardware and services in place to weather larger-scale DDoS attacks along with general system uptime. Users will not tolerate having their single point of authentication being 'down for maintenance. I would also like to hear about the security measures Apple has in place for protecting user data and ensuring that the verification process is not susceptible to man in the middle or other attack vectors."
Schaub: "Apple has been using privacy as a differentiating factor for a while now, ranging from strong device encryption to attempting to implement privacy-preserving device and app analytics data collection. Going head-to-head with Google and Facebook on single sign-on might also be a timely attempt to underline that Apple is taking privacy seriously given the recent privacy-related announcements by Google and Facebook.
"What people should keep in mind is that Apple will be managing the account details and will likely be able to know when you log in to a service. This means you have to trust Apple to keep this information secure and not use information about your accounts in other ways. So you might want to be careful with sensitive accounts, such as for banking etc. However, if you're not already using a password manager that generates strong and unique passwords for your online accounts, Sign in with Apple will likely improve your security."
Although the experts we spoke to seem to agree that using Apple's sign-in tool may be a better and safer option than those from Facebook or Google, there are still questions Apple needs to answer, like what happens if you use Sign in with Apple and lose your iPhone or access to your Apple ID account? What's more, Shaub and Walsh said, Apple needs to disclose what type of user information it will be sharing with services and apps that support the feature. "What will the user controls for that sharing look like?" added Schaub. "Will users be able to revoke/delete randomized email addresses in the case of data breaches or spam?"
Apple will have to make those details clear before Sign in with Apple launches later this year.
