The deadline for affected apps to implement Apple’s new single sign-on or SSO experience has now passed. Announced mid-2019, the system was praised for its privacy-focused implementation compared to what the likes of Facebook and Google have been offering on apps and services for years. While few will contest Apple’s intentions and the security of its system, there are some who are still on the fence about it. In fact, one app will be throwing out all third-party logins because of the problems that Apple won’t tell you about Sign in with Apple.
Designed with privacy as the center, Sign in with Apple allows users to hide their email address when signing up for and signing into an iOS or Mac app. All that the app or developer will see is a random email address tied to that account. This is to shield and separate user’s real emails from potential abuse by third parties or developers themselves. According to the developers of shopping and recipe app AnyList, however, this also creates headaches for both users and developers when that email is a critical part of the experience.
While Apple forwards emails sent to that random email, that is, by default, tied to a user’s Apple ID email which AnyList claims few actually check. This means that a user can send questions or complaints to developers via the app but might not realize they’re receiving the responses to a less frequently used email. For the record, users can change where emails are forwarded to but they may not even be aware of that option if they don’t look for it.
It is also a problem for apps and services that use emails to share content, like shopping lists, since users will have to dig for that randomly-generated email. The difficulty is multiplied when you consider services that are also available on non-Apple platforms or when you no longer have access to your iPhone or iPad.
AnyList admits that some of these problems also apply to other third-party sign-ins like Facebook’s and it has taken the opportunity to also drop that feature. After all, Sign in with Apple is only acquired if an app offers other third-party sign-ins and AnyList will no longer do so. The developers were also worried about a clause that gives Apple the right to disable Sign in with Apple at any time for any reason, practically giving the company control over another’s services. AnyList doesn’t discount the privacy benefits of Apple’s SSO but attributes it to the immaturity of what will be a critical security feature.