OpenID Foundation Claims 'Sign In with Apple' Could Expose Users to Security and Privacy Risks

by

At WWDC 2019 earlier this month, Apple announced Sign In with Apple, a new privacy-focused login feature that will allow macOS Catalina and iOS 13 users to sign into third-party apps and websites using their Apple ID.

signinwithapple
The feature has been largely welcomed as a more secure alternative to similar sign-in services offered by Facebook, Google, and Twitter, since it authenticates the user with Face ID or Touch ID, and doesn't send personal information to app and website developers.

However the implementation of Sign In with Apple has now been questioned by the OpenID Foundation (OIDF), a non-profit organization whose members include Google, Microsoft, PayPal, and others.

In an open letter to Apple software chief Craig Federighi, the foundation praised Apple's authentication feature for having "largely adopted" OpenID Connect, a standardized protocol used by many existing sign-in platforms that lets developers authenticate users across websites and apps without them having to use separate passwords.

Yet it cautioned that several differences remain between OpenID Connect and Sign In with Apple that could potentially put users' security and privacy in jeopardy.

The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.

To remedy the situation, the foundation asked Apple to address the differences between Sign In with Apple and OpenID Connect, which have been recorded in a document managed by the OIDF certification team.

open id logo
It also invited the company to use OpenID's suite of certification tests to improve the interoperability of the two platforms, publicly state their compatibility, and join the OpenID Foundation.

Shortly after unveiling Sign In with Apple, the tech giant told developers that if an app lets users log in using their Facebook or Google logins, then it must also provide an alternative Sign In with Apple option.

The company then raised some eyebrows when it emerged that its updated Human Interface Guidelines asked app developers to place its authentication feature above other rival third-party sign-in options wherever they appeared.

(Thanks, Jonathan!)

Tags: Apple Privacy, Sign in With Apple Guide

Popular Stories

2024 iPhone Boxes Feature

Apple Adjusts Trade-In Values for iPhones, iPads, Macs, and More

Thursday November 6, 2025 11:12 am PST by
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store. The charts below provide an overview of Apple's current and previous trade-in values in the U.S., according to its website. Maximum values for most devices either decreased or saw no change, but the iPad Air received a slight bump. ...
Read Full Article73 comments
Liquid Glass General Feature

Apple Shares Liquid Glass Design Gallery

Thursday November 6, 2025 2:45 pm PST by
Apple is promoting the new Liquid Glass design in iOS 26, showing off the ways that third-party developers are embracing the aesthetic in their apps. On its developer website, Apple is featuring a visual gallery that demonstrates how "teams of all sizes" are creating Liquid Glass experiences. The gallery features examples of Liquid Glass in apps for iPhone, iPad, Apple Watch, and Mac. Apple...
Read Full Article119 comments
airtag purple

Apple's Website Lists AirTag 4-Pack at Shockingly Low Price [Updated]

Friday November 7, 2025 6:40 am PST by
Apple's online store in the U.S. is suddenly offering a pack of four AirTags for just $29, which is the same price as a single AirTag. This is likely a pricing error, and it is unclear if orders will be fulfilled. Apple has not discounted the AirTag four-pack in any other countries that we checked. Delivery estimates are already pushing into late November to early December, suggesting...
Read Full Article100 comments
Early Black Friday Deals 1

The Best Early Black Friday Apple Deals on AirPods, Apple Watch, iPad, and More

Saturday November 8, 2025 6:16 am PST by
We're officially in the month of Black Friday, which will take place on Friday, November 28 in 2025. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. In this article, the majority of the discounts will be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When ...
Read Full Article5 comments
iOS 26

iOS 26.1 Available Now With These 8 New Features

Monday November 3, 2025 5:54 am PST by
Following more than a month of beta testing, Apple released iOS 26.1 on Monday, November 3. The update includes a handful of new features and changes, including the ability to adjust the look of Liquid Glass and more. Below, we outline iOS 26.1's key new features. Liquid Glass Toggle iOS 26.1 lets you choose your preferred look for Liquid Glass. In the Settings app, under Display...
Read Full Article
ikea smart home devices

IKEA Debuts 21 HomeKit-Compatible Smart Bulbs, Sensors, and Controls

Thursday November 6, 2025 4:08 pm PST by
IKEA today announced the upcoming launch of 21 new Matter-compatible smart home products that will be able to interface with HomeKit and the Apple Home app. There are sensors, lights, and control options, all of which will be reasonably priced. Some of the products are new, while some are updates to existing lines that IKEA previously offered. There are a series of new smart bulbs that are...
Read Full Article77 comments
Apple fitness plus feature

Future of Apple Fitness+ 'Under Review'

Sunday November 9, 2025 5:30 am PST by
The future of Apple Fitness+ is "under review" amid a reorganization of the service, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman said that Apple Fitness+ remains one of the company's "weakest digital offerings." The service apparently suffers from high churn and little revenue. Nevertheless, Fitness+ has a small, loyal fanbase that...
Read Full Article196 comments
maxresdefault

In-Depth iPhone Battery Experiment Pits Slow Charging Against Fast Charging

Friday November 7, 2025 1:19 pm PST by
HTX Studio this week shared the results from a six-month battery test that compared how fast charging and slow charging can affect battery life over time. Using six iPhone 12 models, the channel set up a system to drain the batteries from five percent and charge them to 100 percent over and over again. Three were fast charged, and three were slow charged. Another set of iPhones underwent...
Read Full Article173 comments
apple watch se 3 always on

Apple to Remove iPhone-Apple Watch Wi-Fi Sync in EU With iOS 26.2

Thursday November 6, 2025 4:37 am PST by
Apple in iOS 26.2 will disable automatic Wi-Fi network syncing between iPhone and Apple Watch in the European Union to comply with the bloc's regulations, suggests a new report. Normally, when an iPhone connects to a new Wi-Fi network, it automatically shares the network credentials with the paired Apple Watch. This allows the watch to connect to the same network independently – for...
Read Full Article221 comments

Top Rated Comments

Precursor Avatar
Precursor
83 months ago
OpenID "a non-profit organization whose members include Google, Microsoft, PayPal, and others."

Someone's in panic mode, less customer tracking huh
Score: 108 Votes (Like | Disagree)
garylapointe Avatar
garylapointe
83 months ago
Am I missing something in that the headline doesn't seem to support this with more info in the MacRumors story?

"reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks."

Greater than what? Than no risk? Than not implementing 'Sign In with Apple'? Than Facebook?

"reduces the places where users can use Sign In with Apple"

Or is it just more risk in that it's not implemented everywhere?

Stating risk without actually reporting anything about the risk isn't really news and is kind of clickbaity...
Score: 68 Votes (Like | Disagree)
raybob Avatar
raybob
83 months ago
They’re worries because their biggest source of income “selling customers’” info is in jeopardy.
Google, microsoft and PayPal?!!!

It’s like pharmaceutical companies becoming members of a non profit which is concerned about cheaper medicine.
Score: 34 Votes (Like | Disagree)
btrach144 Avatar
btrach144
83 months ago
I’m going to assume Apple knows what it’s doing here and purposefully chose to leave out parts of the OpenID standard that didn’t align with Apple’s security needs or vision.
Score: 26 Votes (Like | Disagree)
goobot Avatar
goobot
83 months ago
The title sounds like Apple sign in is flawed but the article says that it’s just not available everywhere which somehow makes it a sercurity risk?
Score: 25 Votes (Like | Disagree)
Baymowe335 Avatar
Baymowe335
83 months ago
Not at all. I've already heard several Apple developers say they're concerned about the lack of interop with OpenID.
Not at all confirmed by your anecdotal story?
Score: 24 Votes (Like | Disagree)
Read All Comments