OpenID Foundation Claims 'Sign In with Apple' Could Expose Users to Security and Privacy Risks

by

At WWDC 2019 earlier this month, Apple announced Sign In with Apple, a new privacy-focused login feature that will allow macOS Catalina and iOS 13 users to sign into third-party apps and websites using their Apple ID.

signinwithapple
The feature has been largely welcomed as a more secure alternative to similar sign-in services offered by Facebook, Google, and Twitter, since it authenticates the user with Face ID or Touch ID, and doesn't send personal information to app and website developers.

However the implementation of Sign In with Apple has now been questioned by the OpenID Foundation (OIDF), a non-profit organization whose members include Google, Microsoft, PayPal, and others.

In an open letter to Apple software chief Craig Federighi, the foundation praised Apple's authentication feature for having "largely adopted" OpenID Connect, a standardized protocol used by many existing sign-in platforms that lets developers authenticate users across websites and apps without them having to use separate passwords.

Yet it cautioned that several differences remain between OpenID Connect and Sign In with Apple that could potentially put users' security and privacy in jeopardy.

The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.

To remedy the situation, the foundation asked Apple to address the differences between Sign In with Apple and OpenID Connect, which have been recorded in a document managed by the OIDF certification team.

open id logo
It also invited the company to use OpenID's suite of certification tests to improve the interoperability of the two platforms, publicly state their compatibility, and join the OpenID Foundation.

Shortly after unveiling Sign In with Apple, the tech giant told developers that if an app lets users log in using their Facebook or Google logins, then it must also provide an alternative Sign In with Apple option.

The company then raised some eyebrows when it emerged that its updated Human Interface Guidelines asked app developers to place its authentication feature above other rival third-party sign-in options wherever they appeared.

(Thanks, Jonathan!)

Tags: Apple Privacy, Sign in With Apple Guide

Popular Stories

iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

New iPhone 17 Pro Details: Brighter Display, Best Battery Life, and More

Wednesday September 3, 2025 5:33 am PDT by
Apple's iPhone 17 Pro and iPhone 17 Pro Max models will feature a number of significant display, thermal, and battery improvements, according to new late-stage rumors. According to the Weibo leaker known as "Instant Digital," the iPhone 17 Pro models will feature displays with higher brightness, making it more suitable for use in direct sunlight for prolonged periods. The iPhone 16 Pro and...
Read Full Article73 comments
iPhone 17 Pro Dark Blue and Orange

iPhone 17 and iPhone 17 Pro: Release Date and Pre-Orders

Friday September 5, 2025 10:52 am PDT by
Apple will be holding its annual iPhone event on Tuesday, September 9, to unveil the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max. Assuming that Apple sticks to its familiar pattern, the iPhone 17 series should be available to pre-order starting Friday, September 12 at 5 a.m. Pacific Time / 8 a.m. Eastern Time. The release date for the devices should be one week later, on Fr...
Read Full Article
Apple Watch Ultra 2 Complications

Apple Watch Ultra 3 Coming Next Week: Eight Reasons to Upgrade

Thursday September 4, 2025 7:38 am PDT by
We're only days away from Apple's "Awe dropping" fall event scheduled to take place on Tuesday, September 9 – and along with the new iPhone 17 series, we're going to get a new version of the Apple Watch Ultra for the first time since 2023. By the time the Ultra 3 is unveiled, it will have been two years since the previous model arrived. The intervening period has left plenty of room for...
Read Full Article95 comments
iPhone 16 Battery Life Feature

iOS 26's New Battery Life Mode is Limited to These iPhone Models

Wednesday September 3, 2025 1:19 pm PDT by
iOS 26 introduces an Adaptive Power Mode on the iPhone, alongside the existing Low Power Mode. Apple says Adaptive Power Mode can make "performance adjustments" when necessary to extend an iPhone's battery life, including slightly lowering the display brightness, allowing some activities to "take longer," and automatically turning on Low Power Mode when the iPhone's remaining battery life...
Read Full Article
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro's Biggest Design Mystery is Finally Solved

Friday September 5, 2025 9:33 am PDT by
Apple is set to unveil the iPhone 17 series in just four days from now, and the biggest design mystery surrounding the Pro models has finally been solved. In a report outlining his expectations for Apple's event next week, Bloomberg's Mark Gurman said the iPhone 17 Pro models will have "a new cutout area on the bottom two-thirds of the phone that doubles as the wireless charging area."...
Read Full Article112 comments
iPhone 17 Pro Iridescent Feature 2

iPhone 17 and iPhone 17 Pro Prices Estimated Ahead of Apple Event Next Week

Tuesday September 2, 2025 1:50 pm PDT by
Just one week before Apple is expected to unveil the iPhone 17 series, an analyst has shared new price estimates for the devices. Here are J.P. Morgan analyst Samik Chatterjee's price estimates for the iPhone 17 series in the United States, according to 9to5Mac: Model Starting Price Model Starting Price Change iPhone 16 $799 iPhone 17 ...
Read Full Article60 comments
iPhone 17 AIR Loud Feature

iPhone 17 Air Could Start at $1,099 With 256GB Storage, 1TB for $1,499

Thursday September 4, 2025 2:54 am PDT by
Apple's upcoming iPhone 17 Air will have a $1,099 starting price providing 256GB of base storage and will max out at $1,499 with a 1TB option, according to the latest TrendForce report. Apple will offer three price/storage tiers for the all-new ultra-thin iPhone 17 model, which replaces last year's iPhone 16 Plus in the lineup. Here's how TrendForce sees them breaking down: 256GB — $1099...
Read Full Article114 comments

Top Rated Comments

Precursor Avatar
Precursor
81 months ago
OpenID "a non-profit organization whose members include Google, Microsoft, PayPal, and others."

Someone's in panic mode, less customer tracking huh
Score: 108 Votes (Like | Disagree)
garylapointe Avatar
garylapointe
81 months ago
Am I missing something in that the headline doesn't seem to support this with more info in the MacRumors story?

"reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks."

Greater than what? Than no risk? Than not implementing 'Sign In with Apple'? Than Facebook?

"reduces the places where users can use Sign In with Apple"

Or is it just more risk in that it's not implemented everywhere?

Stating risk without actually reporting anything about the risk isn't really news and is kind of clickbaity...
Score: 68 Votes (Like | Disagree)
raybob Avatar
raybob
81 months ago
They’re worries because their biggest source of income “selling customers’” info is in jeopardy.
Google, microsoft and PayPal?!!!

It’s like pharmaceutical companies becoming members of a non profit which is concerned about cheaper medicine.
Score: 34 Votes (Like | Disagree)
btrach144 Avatar
btrach144
81 months ago
I’m going to assume Apple knows what it’s doing here and purposefully chose to leave out parts of the OpenID standard that didn’t align with Apple’s security needs or vision.
Score: 26 Votes (Like | Disagree)
goobot Avatar
goobot
81 months ago
The title sounds like Apple sign in is flawed but the article says that it’s just not available everywhere which somehow makes it a sercurity risk?
Score: 25 Votes (Like | Disagree)
Baymowe335 Avatar
Baymowe335
81 months ago
Not at all. I've already heard several Apple developers say they're concerned about the lack of interop with OpenID.
Not at all confirmed by your anecdotal story?
Score: 24 Votes (Like | Disagree)
Read All Comments