Sign in with Apple : Google loves the system, but not its presentation

Google welcomes ” Sign in with Apple “, the new authentication system from Apple, even if it believes that its presentation at WWDC 2019 defamatory towards ” Google Sign-In “.

In an interview given to The Verge, the responsibility for the safety of accounts, Google believes that the most important thing is to reduce the number of passwords used by internet users. Since “Sign in with Apple” seeks to achieve this objective, it applauds the initiative.

Mark Risher know that some people see as a bad thing these authentication systems centralized, because that is putting all of its eggs in the same basket, according to them. He affirms, however, that a system such as “Google Sign-In” is more secure than using passwords, for two reasons.

On the one hand, on the side of the publishers of web sites and applications, this avoids the need to manage an authentication database, with all the risks that this represents. It is the security team of Google (or Apple), supposedly more experienced, who takes charge of this issue.

On the other hand, on the user side, the head of the “Google Sign-In”, responds to the metaphor of eggs in the basket by another metaphor, most just after him :

You have two ways to shelter your one hundred dollars : you can spread them throughout your home, putting the pieces of a dollar in each drawer and under the mattress. Or you can put in the bank, which is a uniform basket, but a basket protected by steel doors, 30 cm thick.

Mark Risher is less than pleased with the way in which Apple introduced ” Sign in with Apple “. During the keynote, Craig Federighi stated that “Google Sign-In” and “Facebook Login” could share personal information in secret and is used to track down users. Google did not like that “Sign in with Apple” is described as the only system that integrates privacy, while the other would be corrupt. He argues, moreover, without being certain, that the Apple system could be more invasive than Google, because it consigns the mails sent by the companies, what Apple stands for.

He acknowledges that ” some competitors “, in the first place Facebook, even if he does not appoint, could result in authentication systems in the wrong direction and lead to a suspicion of the part of the users : ” You may have clicked on this button that notifies all your friends that you just connect to a site embarrassing. “ And to sink the nail in speaking of this competitor — Facebook, again — which was apparently the phone numbers for two-step authentication to adjust its ad targeting. ” It’s bad for the ecosystem as a whole, as people, we are more confident “, laments he.

Mark Risher ensures that Google does not “Google Sign-In” to its primary use : ” We record only the time of the connection. This is used for any type of retargeting. This is not used for any kind of advertisements. This is not shared with anyone. And it is partly under the control of the user so that he can go back and see what happened. “

What the leader does not say, is that in addition to its bad habits regarding the respect of privacy, Facebook also gave the worst examples in the field of security. Last September, the company revealed that a hacker was able to steal the tokens to access (the equivalent of a key that maintains the connection to Facebook), 50 million members, allowing the organization to usurp their accounts on the social network, but also in third-party apps using ” Facebook Login “.

The vulnerability came from the function “View as ” who revealed this token private in a particular case. Facebook has had to reset the tokens for all the users concerned. The steel doors of 30 cm, which protect the basket of eggs no use if they can pick with a paper clip…