Sign in with Apple: Apple becomes a private identity provider

Nobody expected it, and yet it is one of the most important announcements of WWDC. With “Sign in with Apple”, Apple takes a central place in your digital life by becoming an identity provider. A blurred identity, detached from data, purely utilitarian… and highly strategic. “Sign in with Apple” thwarts the plans of Google, Facebook, and all those who seek to drive a wedge between Apple and its customers.

“Sign in with Apple” can be used by any application with a login form, but must be used by applications that integrate identification systems such as “Google Sign-in” or “Facebook Connect”. In that case, the “Sign in with Apple” button must be as large as the others and placed as high as possible. The appearance and text of the button can be (slightly) customized.

Creating an account is as simple as making a payment with Apple Pay. Press the “Sign in with Apple” button: the system generates a unique account identifier and presents a modal window that already contains your name. You then have a choice: provide your e-mail address, in which case the developer may find an already existing account, or use a relay address provided by Apple.

Apple invites developers to reconsider their practices. Do they really need to collect the name and the e-mail address? In some cases, the unique identifier should be sufficient. E-mail can certainly be used to assist the customer, but also to flood them with spam. Allowing the one while preventing the other is the objective of relay addresses.

First, because the relay works in both directions. The developer sees only the relay address, but you receive the mail in your “real” inbox. The risk would be that you reveal your address when replying, but all your communications go through the relay. Apple does not keep any information, and messages are removed from the mailboxes as soon as they have been delivered.

Second, because the relay is exclusive and temporary. Each time you create a new account in a new app, “Sign in with Apple” creates a new, unique relay address. Receiving spam via a relay address? You can identify the application at fault and remove the relay.

Unique identifier, name, address… but where is the password? It is very simple: there isn't one. Your authentication data is stored in iCloud Keychain, locked by your iCloud password and (normally) protected by Apple's two-factor authentication. On a new device, you can log in with Touch ID or Face ID in each application.

“Sign in with Apple” protects the user but also the developer. User behavior and device data are analysed on the device itself, to try to identify suspicious accounts and bots. Apple does not prevent the registration, but sends the information to the developer in the form of a single warning bit. It is up to the developer to act accordingly.
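
The account-creation flow described above, seen from the developer's server, as an added example that is not part of the original article and is not Apple's code: accounts are keyed on the unique identifier, an existing account is looked up only when a real e-mail address is supplied, and the warning bit marks the account for review instead of blocking it. The names `Account`, `AccountStore` and `sign_in` and the `relay.example` domain are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumption: relay addresses are recognised by this constructed placeholder domain.
RELAY_DOMAIN = "relay.example"


@dataclass
class Account:
    account_id: int
    email: Optional[str] = None
    provider_ids: set = field(default_factory=set)  # unique identifiers linked to it
    needs_review: bool = False                       # set from the warning bit


class AccountStore:
    """Hypothetical in-memory account table on the developer's server."""

    def __init__(self):
        self.accounts = []

    def _find(self, pred):
        return next((a for a in self.accounts if pred(a)), None)

    def sign_in(self, uid, email=None, suspicious=False):
        """Handle one sign-in; returns (account, 'existing' | 'linked' | 'created')."""
        email = email.strip().lower() if email else None
        # 1. Returning user: the unique identifier alone identifies the account.
        acct = self._find(lambda a: uid in a.provider_ids)
        if acct:
            acct.needs_review = acct.needs_review or suspicious
            return acct, "existing"
        # 2. A real address may match an account created earlier; a relay address
        #    is unique to this app, so it is never used as a lookup key.
        is_relay = bool(email) and email.endswith("@" + RELAY_DOMAIN)
        if email and not is_relay:
            acct = self._find(lambda a: a.email == email)
            if acct:
                acct.provider_ids.add(uid)
                acct.needs_review = acct.needs_review or suspicious
                return acct, "linked"
        # 3. New account: e-mail is optional, and the warning bit does not block
        #    registration; it only marks the account for the developer to act on.
        acct = Account(len(self.accounts) + 1, email, {uid}, suspicious)
        self.accounts.append(acct)
        return acct, "created"
```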

Like Apple Pay, “Sign in with Apple” aims to secure the transaction that is the creation of an account, but also to postpone it. Apple advises developers to “delay registration for as long as possible” and, in the case of an online shopping application, “to wait until the customer has made a purchase before asking him to create an account”.

After a few months of testing, “Sign in with Apple” will be available this fall on macOS, iOS, and iPadOS, as well as watchOS and tvOS. It will also be available on the web, and even in Android and Windows applications, through a JavaScript implementation. In Safari, “Sign in with Apple” will work like Apple Pay, and registration can be validated with the Touch ID sensor, whether built in or on nearby devices.