SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Sign in with Apple: Digital privacy at last?

Posted on August 14, 2019

At this year’s Worldwide Developers Conference, Apple announced several forthcoming changes aimed at improving privacy and security for its users. Perhaps the most important of these was “Sign in with Apple”, slated for widespread release later this year.

In this post, we’ll talk about what Sign in with Apple is, why it matters…and whether or not it’s all it’s cracked up to be.

What is Sign in with Apple?

Many apps ask users to sign-in with a social media account, ostensibly in order to offer a more personalized experience. You’ve probably seen or used buttons that ask you to “Sign in with Facebook” or “Sign in with Google”. 

Starting this fall, Apple will require any app that uses these social logins to also offer Apple’s new alternative sign-in service: Sign in with Apple. 

The “Sign in with Apple” button will allow users to create and log in to a new account for the app without sharing any personal information.

Why do we need this?

Social media sign-in is undoubtedly convenient. But it’s also extremely problematic from a privacy standpoint—as Facebook and Google’s numerous and well-publicized privacy scandals have shown. Third-party sign-in services have committed any number of sins against privacy, from sharing and monetizing your data and social interactions to tracking your online and real-world movements.

In addition to this, many apps will ask you for an email address during the sign-in process, which then leads to mountains of spam cluttering up your inbox.

Apple saw a clear need in the marketplace for a better, more privacy-focused sign-in service, which gave rise to Sign in with Apple. 

How does it work?

When users are prompted to sign in to an app with their social media accounts, they’ll now be presented with the Sign in with Apple option as well. They tap the Sign in with Apple button, authenticate themselves with Face ID, and that’s it—they’ve created and logged in to a new account for the app without providing any other personal information.

Apps will still be allowed to request your name and email address, but Sign in with Apple will now allow you to either share your real email address or, if you prefer, use the new Hide My Email setting. 

Hide my Email allows Apple to create a unique random email address for the app to use. This address forwards to your actual email address, meaning that the app can still communicate with you—but without having your real email address. 

Apple creates a separate random email address for each app, so if you start to get spam from an app, you can disable the random email address for the offending app only without affecting any of the others.

Is it really all that?

So far, the response to Sign in with Apple has been overwhelmingly positive. It’s easy to see why. An end to oversharing personal information, the ability to use apps without being tracked, and burner emails for everyone? What’s not to like!

But is this really the privacy game-changer it’s being made out to be?

The answer seems to be a cautious “yes”, but with a couple of important caveats.

First of all, as we noted on a recent Checklist podcast, Sign in with Apple still requires you to share sensitive personal data with a giant technology company: Apple. Right now, Apple seems committed to privacy. But Sign in with Apple still requires a measure of trust. So the question is: Will Apple remain a trustworthy company? We hope so—but we’ll also be watching to see if anything changes in the years to come. 

Secondly, like most things in the realm of data privacy, Sign in with Apple isn’t a perfect solution. As some observers have pointed out, apps will still be able to access your IP address and thus your location data, at least indirectly. So if you’re really serious about privacy, you may want to use a VPN or log in to apps directly with a burner email and a very strong password.

All in all, though, we’re optimistic about Apple’s new moves to improve privacy and security, including Sign in with Apple. As the full rollout of the new security and privacy features announced at the WWDC starts to pick up steam this fall, we’ll have more coverage and commentary to keep you up to speed on the latest developments.

Join our mailing list for the latest security news and deals