Have you ever comes across social logins such as ‘Sign in with Google’ or ‘Sign in with Facebook’ on a website or an app? Did you try using any of those methods to sign in to access any service? If yes, then you already have some idea of what Sign in with Apple is. And therefore, comprehending it shouldn’t be that difficult, since these authentication methods rely on the SSO (single-sign-on) service. Single sign-on allows you to log in to third-party services using your existing (supported on the platform) account to prevent the service from accessing your password and other account information. However, in case you haven’t used any of those methods and are unaware of what these services and how they work, allow us to explain.
What is Sign in with Apple?
Before delving into what Sign in with Apple is, let’s first understand what an SSO (single-sign-on) service is. SSO is a session and user authentication service that offers users the convenience to sign in to third-party accounts and its related services using a single account (email address and password). For this, the service uses OAuth, which is an open-source standard protocol for delegating access.
In simpler terms, it is a way for the end-users to sign in and start using a service without having to manually sign up — all without requiring the need to give away their password and other personal information. Using SSO minimizes the need for users to sign up for accounts that they plan to use infrequently (or once), and in turn, takes away the need to remember the username and password for such accounts. Most importantly, it mitigates the risk (to a certain extent) of passwords and other personal information ending up on the servers of third-party services.
Until Apple introduced the idea of Sign in with Apple (its own SSO service), there have been numerous SSO services from the likes of Google, Facebook, Twitter, LinkedIn, and more that have been offering users the convenience to log in to third-party services without much hassle. Although, over the past few years, there were several questions raised on the credibility of the companies offering these services. Of which, some even speculated that a few companies have been keeping a tab on user activity to serve targeted ads and sell their personal information.
The very thought of this concern leads to one of the most crucial aspects of SSO, which, nowadays, is causing a lot of users to refrain from using such services. Even though using SSO allows you to limit the data (and user credentials) that would otherwise go to third-party services, it still allows the companies (offering the SSO services) to access your user activity (and the related data), which may or may not be used for illicit purposes. As a result, it eventually boils down to the end-user who needs to decide whether the service that they are going to use to sign in to a third-party service is from a company that they trust and whether they are fine with having their data end up on the servers of such companies.
How does Sign in with Apple work?
With Apple’s take on SSO, ie Sign in with Apple (introduced with iOS 13), users in the Apple-ecosystem (iPhone, iPad, Mac) get a unique way to sign in to third-party services without revealing a lot of personal details.
When compared to other SSO services, Apple’s take on SSO is pretty much the same, except for a few changes. The biggest of which is the use of a random ID. With Sign in with Apple, rather than sharing the original email address of its users with the third-party service, Apple offers users the option to hide their email address from the third-party service. For this, the service generates a unique, random email address, which is back-linked to the user’s original email address and shared with the app/service. Since this random email address is back-linked to the original email address of the user, every time the service wants to communicate with the user, it can do so using the random email address (and not the original email address) of the user.
By following this approach, the personal email address of a user is not shared with third-party services, which prevents them from spamming into users’ inbox. And this, in turn, ensures some privacy to the user. Furthermore, to offer better ease-of-use, Apple allows users to use a passcode, TouchID, or FaceID (on newer devices) to authenticate themselves, taking away the need to enter passwords manually each time they want to sign in.
Besides the use of a random email address, the other thing that Apple claims to be different on its implementation of SSO is about user privacy. Apple says it does now keep a tab on its users’ activity, and therefore, does not involve in offering targeted ads to its users. This does not come as a surprise though, since, over the past few years, it is pretty evident that Apple advocates its users’ privacy and security more than some of the other companies out there. And to a large extent, it does manage to keep up with its promises.
How to use Sign in with Apple?
To be able to use Sign in with Apple, the first requirement is that the service you want to sign in to must have Sign in with Apple implemented on its platform. While Apple has made it a clear requirement for upcoming apps on its platform (that use some sort of SSO), to provide the Sign in with Apple functionality, it has also asked app developers to implement the feature on the existing apps. To ensure the implementation is not left out, it has extended the deadline until April 2020.
Moving along, the other thing that you need to make sure to be able to use Sign in with Apple is that the 2FA (Two-Factor Authentication) option should be enabled on your Apple ID.
Currently, there are not a lot of services offering the Sign in with Apple SSO service. As a reason, you might not be able to use it across different apps and services. However, if you do happen to come across one that supports the service, here’s how you can use it.
1. First, make sure you are signed-in to your Apple ID on the device you are accessing the app or website.
2. Next, open the app or service that you want to use and tap on the button that says Continue with Apple or Sign in with Apple.
3. On a pop-up that appears on the next screen, tap Continue.
4. Now, on the next screen, you will be given the option to change your Name and share or hide your original email address. If you wish to prevent the service from getting access to your email address, you select Hide my email.
5. Finally, tap on Continue and authenticate your Apple ID using a passcode, TouchID, or FaceID.
That’s it. By now, you must be signed-in and ready to use the service. In pretty much the same way as a regular account — that you would have signed up for manually — you can use the app or service (by signing in using Sign in with Apple) without encountering any problem. And when the service provider (app or website) needs to communicate with you, they can use your pseudo (unique random ID) email ID to contact you, and you would receive the same on your original Apple ID.
In our opinion, while using Sign in with Apple allows users to keep their email address private and prevent unsolicited emails from filling up their inbox, it does not ensure complete privacy. As even though users are preserving their email addresses from different services, they are still leaving other footprints, such as their IP address or any other account-related information, for these services to access. And this, in turn, could still allow these services to track some information of its users.