OpenID Foundation Claims 'Sign In with Apple' Could Expose Users to Security and Privacy Risks

At WWDC 2019 earlier this month, Apple announced Sign In with Apple, a new privacy-focused login feature that will allow macOS Catalina and iOS 13 users to sign into third-party apps and websites using their Apple ID.


The feature has been largely welcomed as a more secure alternative to similar sign-in services offered by Facebook, Google, and Twitter, since it authenticates the user with Face ID or Touch ID, and doesn't send personal information to app and website developers.

However the implementation of Sign In with Apple has now been questioned by the OpenID Foundation (OIDF), a non-profit organization whose members include Google, Microsoft, PayPal, and others.

In an open letter to Apple software chief Craig Federighi, the foundation praised Apple's authentication feature for having "largely adopted" OpenID Connect, a standardized protocol used by many existing sign-in platforms that lets developers authenticate users across websites and apps without them having to use separate passwords.

Yet it cautioned that several differences remain between OpenID Connect and Sign In with Apple that could potentially put users' security and privacy in jeopardy.

The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.

To remedy the situation, the foundation asked Apple to address the differences between Sign In with Apple and OpenID Connect, which have been recorded in a document managed by the OIDF certification team.


It also invited the company to use OpenID's suite of certification tests to improve the interoperability of the two platforms, publicly state their compatibility, and join the OpenID Foundation.

Shortly after unveiling Sign In with Apple, the tech giant told developers that if an app lets users log in using their Facebook or Google logins, then it must also provide an alternative Sign In with Apple option.

The company then raised some eyebrows when it emerged that its updated Human Interface Guidelines asked app developers to place its authentication feature above other rival third-party sign-in options wherever they appeared.

(Thanks, Jonathan!)

Top Rated Comments

(View all)
Avatar
12 months ago
OpenID "a non-profit organization whose members include Google, Microsoft, PayPal, and others."

Someone's in panic mode, less customer tracking huh
Score: 108 Votes (Like | Disagree)
Avatar
12 months ago
Am I missing something in that the headline doesn't seem to support this with more info in the MacRumors story?

"reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks."

Greater than what? Than no risk? Than not implementing 'Sign In with Apple'? Than Facebook?

"reduces the places where users can use Sign In with Apple"

Or is it just more risk in that it's not implemented everywhere?

Stating risk without actually reporting anything about the risk isn't really news and is kind of clickbaity...
Score: 68 Votes (Like | Disagree)
Avatar
12 months ago
They’re worries because their biggest source of income “selling customers’” info is in jeopardy.
Google, microsoft and PayPal?!!!

It’s like pharmaceutical companies becoming members of a non profit which is concerned about cheaper medicine.
Score: 34 Votes (Like | Disagree)
Avatar
12 months ago
I’m going to assume Apple knows what it’s doing here and purposefully chose to leave out parts of the OpenID standard that didn’t align with Apple’s security needs or vision.
Score: 26 Votes (Like | Disagree)
Avatar
12 months ago
The title sounds like Apple sign in is flawed but the article says that it’s just not available everywhere which somehow makes it a sercurity risk?
Score: 25 Votes (Like | Disagree)
Avatar
12 months ago

Not at all. I've already heard several Apple developers say they're concerned about the lack of interop with OpenID.

Not at all confirmed by your anecdotal story?
Score: 24 Votes (Like | Disagree)

Top Stories

Apple Releases macOS Catalina 10.15.5 With Battery Health Management Features, Fix for Finder Freezing

Tuesday May 26, 2020 1:59 pm PDT by
Apple today released macOS Catalina 10.15.5, the fifth update to the macOS Catalina operating system that was released in October 2019. macOS Catalina 10.15.5 comes two months after the launch of macOS Catalina 10.15.4, which introduced Screen Time Communication Limits. macOS Catalina 10.15.5 is a free update that can be downloaded from the Mac App Store using the Update feature in the...

Leaker Shares Details on 'iPhone 13' Camera [Updated]

Wednesday May 27, 2020 4:27 pm PDT by
The next-generation iPhone 12 lineup coming in fall 2020 isn't out yet, but Fudge (@choco_bit), a leaker who sometimes shares information on upcoming Apple devices, today offered up details on what Apple has in store for the 2021 iPhone 13's camera setup. A simple design drawing depicts a device with a four camera array, which Fudge claims will have the following features: 64-megapixel...

Leaker: Apple to Stick With Lightning Over USB-C for 'iPhone 12' Before Going Port-Less Next Year

Tuesday May 26, 2020 2:31 am PDT by
Apple will use a Lightning port instead of USB-C in the upcoming "iPhone 12," but it will be the last major series of Apple's flagship phones to do so, with models set to combine wireless charging and a port-less Smart Connector system for data transfer and syncing in the iPhone "13 series" next year. The above claim comes from occasional Apple leaker and Twitter user "Fudge" (@choco_bit),...

16-Inch MacBook Pro, iPad Pro, and iMac Pro With Mini-LED Displays Again Rumored to Launch in 2021

Tuesday May 26, 2020 5:30 am PDT by
Apple plans to release several higher-end devices with Mini-LED displays in 2021, including a new 12.9-inch iPad Pro in the first quarter, a new 16-inch MacBook Pro in the second quarter, and a new 27-inch iMac in the second half of the year, according to Jeff Pu, an analyst at Chinese research firm GF Securities. This timeframe lines up with one shared by analyst Ming-Chi Kuo, who recently...

Apple Begins Selling Refurbished iPhone XR Models

Thursday May 28, 2020 9:50 pm PDT by
Apple today began selling certified refurbished iPhone XR models in select colors and capacities for the first time in the United States. Refurbished iPhone XR models are priced at a roughly 16 percent discount compared to current pricing on brand-new units, knocking $100–120 off of the regular price. In addition to the 64GB and 128GB capacities matching current brand-new iPhone XR models, ...

Apple Making It Harder to Avoid Nagging macOS Update Notifications

Thursday May 28, 2020 8:13 am PDT by
With the release of macOS Catalina 10.15.5 and related security updates for macOS Mojave and High Sierra earlier this week, Apple is making it more difficult for users to ignore available software updates and remain on their current operating system versions. Included in the release notes for macOS Catalina 10.15.5 is the following:- Major new releases of macOS are no longer hidden when...

HBO Max Now Available on Apple TV and iOS Devices

Wednesday May 27, 2020 2:42 am PDT by
HBO Max launched today, and is now available on Apple TV, iPhone, and iPad. WarnerMedia's new streaming service, which replaces HBO Now, combines HBO content with shows and films from Warner Bros and Turner TV. The service is available as a native app on the ‌Apple TV‌ HD and ‌Apple TV‌ 4K, but second and third-generation ‌Apple TV‌ owners will need to AirPlay HBO Max content...

Powerbeats Pro Debut in Four New Colors: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue

Friday May 29, 2020 10:00 am PDT by
Following a couple of leaks in recent weeks, Beats today is officially announcing four new colors for its Powerbeats Pro wireless earphones: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue. The new earphones will go on sale June 9 and sell for the same $249.95 price as the existing color options. Aside from the colors, the new Powerbeats Pro models are otherwise identical to the...

Anker Launches $100 24K Gold-Plated USB-C to Lightning Cable

Wednesday May 27, 2020 12:47 pm PDT by
Anker, a brand normally known for its well-made, affordable accessories for Apple devices, has debuted a new $100 24K gold-plated USB-C to Lightning cable. According to Anker, the cable, which is in the PowerLine+ III family, features a "Special Edition Gold Design" that's "bold yet elegant" with the aforementioned gold-plated cable heads and matching braided gold and black cable. The...

More Photos and Video of Apple's Redesigned Leather Loop Watch Band Surface

Thursday May 28, 2020 10:50 am PDT by
Images of a new version of the Leather Loop that Apple appears to have in development surfaced yesterday, and today, Vietnamese site Tinhte.vn has shared additional photos and videos that give us a clearer picture of what to expect from the new band. The bands come in colors that include red, hot pink, blue, black, and brown, with some of the bands featuring different colored accents at the...