You never use Sign In with Apple because you expect the companies with whom you do business to intentionally violate their contract with Apple, sue, demand a TRO, lose, refuse to cure the breach, get kicked out of the App Store and as a result lose access to Sign In with Apple, slightly inconveniencing you by making you change your account information?

Wow.

Given this is the first time this has happened, you are amazingly prescient. What stocks do you like?

I, on the other hand, prefer Sign In with Apple because I have had way more experience with companies that have my eMail address losing it in a breach or continuing to contact me long after I asked to be removed.

We must live in different worlds.

What world do you live in where you're scared of junk mail? Email breach lol
My email address has been breached so many times and I rarely get junk mail because of it. There is a reason I have a personal email for my resume, friends and family, and then I have another email that I use for everything else that requires a log in, purchases, etc. I keep them separate so junk mail only goes to that email address. And you know what? It's not hard to delete junk mail. oh, the horror.

I never use Sign In with Apple because I don't want to be stuck in their ecosystem just in case I ever want to leave it. I have Apple products but I can leave at any moment because I'm not married to them. I had originally set up my Spotify account with Facebook, but I emailed them to unlink it so I can log in with my email and they did. I no longer use Facebook so that's a good reason to never use sign in with google/facebook/apple. It still boggles my mind how everyone on here can't do anything without Apple coddling them and holding their hand. How do you survive leaving your home?
 
You never use Sign In with Apple because you expect the companies with whom you do business to intentionally violate their contract with Apple, sue, demand a TRO, lose, refuse to cure the breach, get kicked out of the App Store and as a result lose access to Sign In with Apple, slightly inconveniencing you by making you change your account information?

Wow.

Given this is the first time this has happened, you are amazingly prescient. What stocks do you like?

I, on the other hand, prefer Sign In with Apple because I have had way more experience with companies that have my eMail address losing it in a breach or continuing to contact me long after I asked to be removed.

We must live in different worlds.
What Jag said; the lock-in is spooky. Also, a simple bug with Sign in with Apple was found a few months ago that made it possible to break into any user's account, provided they used email or Sign in with Apple. That's egregious. I'm not using this for a long time, and I mean both as a consumer and a developer. Sign-in with Google or FB (yeah I know) are more tried and true.

Email spam isn't really a thing anymore, esp when you can just make a burner gmail account. The bigger problem is the passwords. If you care about your data on the site, they're more likely to mess up their homemade password auth and let your account be breached. And if you reuse passwords, sooner or later your other accounts will also be breached.
 
  • Like
Reactions: eulslix
And this is why signing in with Apple/Google/Facebook is something you should avoid wherever possible. Make accounts that don't rely on third parties getting along.
There needs to be a widely used open-source auth system that each site can use without any reliance on another service. Right now every site does it their own way, which makes them likely to mess up. It's bad enough that I do the opposite, sign in with Google/FB wherever possible. Would rather risk losing access than risk being hacked.
 
What world do you live in where you're scared of junk mail? Email breach lol

Not scared of it at all, just inconvenienced by it. No reason to live with it when I have a simple alternative.

My email address has been breached so many times and I rarely get junk mail because of it.

Glad you do not get junk mail.

There is a reason I have a personal email for my resume, friends and family, and then I have another email that I use for everything else that requires a log in, purchases, etc. I keep them separate so junk mail only goes to that email address. And you know what? It's not hard to delete junk mail. oh, the horror.

Just curious where I explained that it was a crisis or a horror. Would you point to the quotes for me so I can correct them?

I never use Sign In with Apple because I don't want to be stuck in their ecosystem just in case I ever want to leave it. I have Apple products but I can leave at any moment because I'm not married to them. I had originally set up my Spotify account with Facebook, but I emailed them to unlink it so I can log in with my email and they did.

Just want to make sure I understand your argument. You do not want to use this service, because at some point in the future, you might want to stop using it, and it is better to deal with the inconvenience on an ongoing basis, rather than at the point that you actually want to leave? Sounds like leaving Sign in with Facebook was pretty easy. Seems like a lot of effort for something that you may or may not ever need.

I no longer use Facebook so that's a good reason to never use sign in with google/facebook/apple.

Again, I do not really follow your argument. You used a social sign on service. It made it easier for you to manage. Then you decided you did not want to use it, and it was very easy to stop (although it required more management on your part to use it afterward). Later you stopped using Facebook, so you might have wanted to stop using their social signon (you could have deleted all your profile data, unfriended everyone and still used it just for social sign on) and that is the reason that one should not use social sign on? Seems like your example shows it is both easy to use and easy to leave.

It still boggles my mind how everyone on here can't do anything without Apple coddling them and holding their hand. How do you survive leaving your home?

It boggles my mind how people like you waste energy duplicating effort that Apple have done just so you can at any moment. I use their products, services and tools because I prefer the experience I get with them and at the moment their interests are aligned with mine. I have a non-subscription version of 1Password, but I no longer really use it because I find Apple Keychain just as useful, free and better integrated. If at some point I decided I no longer wanted to use it, I could leave at that point. Being proactively inconvenienced just in case something might change seems odd.

It does seem clear that you must not get much out of the ecosystem given how little you use it, so it does not really surprise me that you are ready to leave at a moment. I have to say that I am really curious why you are an Apple user if their integration does not serve you.

Their products are reasonable on their own, but where they really excel is when they are all used together, coupled with their services (both paid and included).
 
Since you do not want to take my word on this, :) here is the quote from the Apple Developer site:
Thanks. It actually helps to see it written out. Sorry if I missed it earlier in the discussion but, frankly, I'm starting to feel like this needs to be repeated on each page of the discussion until someone saying Apple is unreasonable here can show in what way they're being unreasonable.

When you've been expelled from college you eventually need to move out of the dorms. To complain the college expelled you, and then a few days later to complain that they also made you find somewhere else to live feels a little redundant
 
  • Haha
Reactions: Colonel Blimp
What Jag said; the lock-in is spooky.

What lock in? That is what I do not get. You can easily move from an Apple social sign on to a native account. You can keep your free iCloud/AppleID even if you own no hardware of theirs. Not sure what spooks you.

Also, a simple bug with Sign in with Apple was found a few months ago that made it possible to break into any user's account, provided they used email or Sign in with Apple. That's egregious. I'm not using this for a long time, and I mean both as a consumer and a developer.

I am more confident in Apple’s system than that of the million little companies with roll-your-own auth systems. When you say you are not going to support Sign in with Apple as a developer, I presume that means that either you do not work for a company that has an iOS/iPadOS/tvOS/WatchOS app and/or you do not support any social sign on (as one cannot have an app and support other social signon without supporting Apple’s).

Sign-in with Google or FB (yeah I know) are more tried and true.

With a different set of trade-offs. Glad you like them. I would rather not be the product.

Email spam isn't really a thing anymore, esp when you can just make a burner gmail account.

So you create a new email address for every new service you use? Sounds like a lot of effort. You manage all those passwords and accounts how?

The bigger problem is the passwords. If you care about your data on the site, they're more likely to mess up their homemade password auth and let your account be breached. And if you reuse passwords, sooner or later your other accounts will also be breached.

That is another benefit of social sign on, one gets different passwords for every service without having to manage it at all.
 
  • Like
Reactions: Colonel Blimp
Apple demands this, Apple demands that, I don't think federal judges are just going to give Apple a pass. Apple app store approved malware, while they say they are taking a 30% cut to keep out apps like that. I'm sure Epic will throw that in their face and should.
No, the App Store did not approve malware.

And the judge already gave apple a pass.
 
  • Like
Reactions: AlphaCentauri
What lock in? That is what I do not get. You can easily move from an Apple social sign on to a native account. You can keep your free iCloud/AppleID even if you own no hardware of theirs. Not sure what spooks you.
That's the problem this article mentions.
those who did not transition from Sign in with Apple may be able to contact Epic Games to have their accounts recovered manually

I am more confident in Apple’s system than that of the million little companies with roll-your-own auth systems. When you say you are not going to support Sign in with Apple as a developer, I presume that means that either you do not work for a company that has an iOS/iPadOS/tvOS/WatchOS app and/or you do not support any social sign on (as one cannot have an app and support other social signon without supporting Apple’s).



With a different set of trade-offs. Glad you like them. I would rather not be the product.



So you create a new email address for every new service you use? Sounds like a lot of effort. You manage all those passwords and accounts how?



That is another benefit of social sign on, one gets different passwords for every service without having to manage it at all.
As a dev, you can support phone auth without Sign in with Apple, which is what we do, but that's only because it's suitable for us.

Sign in with Apple has already proven itself untrustworthy because of that bug. I've got three burner email addresses used for signing into things, which have never been spammed, nor would I care if they got spammed. Keychain stores my passwords.
 
And this is why signing in with Apple/Google/Facebook is something you should avoid wherever possible. Make accounts that don't rely on third parties getting along.
Another counterpoint to this is that there seem to be many apps that require you to create an account upon downloading, in order to access features that shouldn't need an account to start with. All for the purpose of being able to spam you with adverts. Sign in with Apple tackles this issue with a "fight fire with fire" approach by allowing the user to create throwaway accounts and blocking emails from the developer.

Every developer would love to establish a more direct relationship with their customers, but not every customer necessarily wants or appreciates having such a direct relationship with the developer of their app.
 
  • Like
Reactions: Colonel Blimp
There needs to be a widely used open-source auth system that each site can use without any reliance on another service. Right now every site does it their own way, which makes them likely to mess up. It's bad enough that I do the opposite, sign in with Google/FB wherever possible. Would rather risk losing access than risk being hacked.

The system used by Microsoft/Google/Facebook (not sure about Apple) IS a widely used open-source auth system. It’s called OAuth. https://oauth.net/about/introduction/ and it’s supported by most of the big Auth systems. That said, many sites choose to instead use OpenID which is built on top of OAuth, the big difference being OpenID allows some degree of access to your info (like name, possibly email, etc) whereas with OAuth you are just represented by a random identifier, and so when you Auth To Google or FB or whatever, you get a token, and then are redirected back to the site you are signing in with it and your identifier, and then the site is able to use the token to validate you are the owner of the identifier (which is linked to your account on their side when you first log in with your other account).

That said, OpenID isn’t evil or anything, and I don’t think it shares much, but Google and FB have too much info already. They don’t need to know where I have accounts. And that’s basically where the wall comes. Cause if you use any of the like social network logins, they will know what site it is for (they have to do a redirect after Auth back to the site's callback address and the original request lists the source as the “referrer”). Either way, both are plenty secure, OpenID just basically adds an API the other site can use to talk back to the Auth provider. But neither one of them could be bypassed unless they implemented the standards wrong. So it is generally a secure way to Auth. Worst case just make like a fake Twitter to log into stuff with lol.
 
That's the problem this article mentions.

No, the article does not talk about lock in at all. The article talks about a petulant developer and their attempts to inconvenience/hold hostage their customers. It is clear that no one using Sign in with Apple is unable to switch to another login account, so there is no lock in.

As a dev, you can support phone auth without Sign in with Apple, which is what we do, but that's only because it's suitable for us.

Not sure what ”phone auth” is, or how it responds to my statement that you must not support any social signon if you have an iOS/iPadOS/tvOS/watchOS app.

Sign in with Apple has already proven itself untrustworthy because of that bug.

A zero day exploit caught before it was ever used, and only then if the developer did not use basic JWT best practices. Still not a good thing.

I've got three burner email addresses used for signing into things, which have never been spammed, nor would I care if they got spammed. Keychain stores my passwords.

You did not answer my question: Do you create a new email account every time you create a new account? If so, how do you manage them? How often do you check the mail at them? Seems like a lot of effort with its own set of problems.
 
  • Like
  • Disagree
Reactions: I7guy and eulslix
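The token check these posts refer to (the site validating what the sign-in provider sends back, and the "basic JWT best practices" mentioned above), as an added example that is not from the thread or from any provider's code. It assumes an RS256-signed OpenID Connect ID token; the issuer URL, client id, key id, nonce and every token are constructed for the demo.

```javascript
// Added example: how a relying party validates an OpenID Connect ID token.
// The issuer URL, client id, key id, nonce and every token here are constructed.
const crypto = require('node:crypto');

const ISSUER = 'https://idp.example';     // hypothetical identity provider
const CLIENT_ID = 'com.example.webapp';   // hypothetical client id of this site
const NOW = 1700000000;                   // fixed clock (seconds) so the demo is repeatable

const b64url = (value) => Buffer.from(value).toString('base64url');

// Stand-in for the provider's token endpoint: signs the claims with RS256.
function signToken(claims, privateKey, kid = 'demo-key') {
  const head = b64url(JSON.stringify({ alg: 'RS256', kid, typ: 'JWT' }));
  const input = `${head}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Relying-party check. `keys` is a Map of key id -> public key that the site
// fetched from the provider itself, never taken from the token.
function verifyIdToken(token, { keys, issuer, audience, nonce, now = NOW, skew = 60 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    throw new Error('malformed token');
  }
  // Pin the algorithm; a token must not choose its own ("none", HS256, ...).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown key id');
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, key, Buffer.from(parts[2], 'base64url'))) {
    throw new Error('bad signature');
  }
  // Only after the signature holds are the claims worth reading.
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp + skew < now) throw new Error('expired');
  if (!nonce || claims.nonce !== nonce) throw new Error('nonce mismatch');
  if (typeof claims.sub !== 'string' || claims.sub === '') throw new Error('missing sub');
  // Link the local account to the opaque `sub`, not to the e-mail claim.
  return { sub: claims.sub, email: claims.email };
}

function demo() {
  const provider = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const untrusted = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keys = new Map([['demo-key', provider.publicKey]]);
  const opts = { keys, issuer: ISSUER, audience: CLIENT_ID, nonce: 'n-7f3a' };
  const good = { iss: ISSUER, aud: CLIENT_ID, sub: '001234.constructed', exp: NOW + 300, nonce: 'n-7f3a' };
  const unsigned = `${b64url(JSON.stringify({ alg: 'none' }))}.${b64url(JSON.stringify(good))}.`;
  const outcome = (token) => {
    try { return `accepted ${verifyIdToken(token, opts).sub}`; } catch (e) { return e.message; }
  };
  return {
    valid: outcome(signToken(good, provider.privateKey)),
    algNone: outcome(unsigned),
    foreignKey: outcome(signToken(good, untrusted.privateKey)),
    otherClient: outcome(signToken({ ...good, aud: 'com.example.other' }, provider.privateKey)),
    expired: outcome(signToken({ ...good, exp: NOW - 3600 }, provider.privateKey)),
    replayed: outcome(signToken({ ...good, nonce: 'n-old' }, provider.privateKey)),
  };
}

console.log(demo());
```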
Epic will be fine, with all the stickerbooks, and Funko Pop Toys they have for sale in almost every grocery store in the UK.
:D
 
Hmm... does add some risk to the whole Sign in with Apple thing.
Pretty sure it does, Apple made it a requirement now for all apps to include this - if this means they can effectively lock your users out of your apps at their discretion is surely more fuel to the antitrust fire?
 
Pretty sure it does, Apple made it a requirement now for all apps to include this - if this means they can effectively lock your users out of your apps at their discretion is surely more fuel to the antitrust fire?
I love the Apple sign in because it lets you hide your actual e-mail address.
 
No, the article does not talk about lock in at all. The article talks about a petulant developer and their attempts to inconvenience/hold hostage their customers. It is clear that no one using Sign in with Apple is unable to switch to another login account, so there is no lock in.
Just because Apple is in the right this time doesn't mean they always will be. Sign in with Apple is evidently a bargaining chip. Sure it's tolerable for many devs, but it's still a risk to weigh.

Not sure what ”phone auth” is, or how it responds to my statement that you must not support any social signon if you have an iOS/iPadOS/tvOS/watchOS app.



A zero day exploit caught before it was ever used, and only then if the developer did not use basic JWT best practices. Still not a good thing.



You did not answer my question: Do you create a new email account every time you create a new account? If so, how do you manage them? How often do you check the mail at them? Seems like a lot of effort with its own set of problems.
Yeah, no social signon. Phone auth = you put in your phone number and get a code via SMS or phone call to log in. It's like how Whatsapp works. You're allowed to make your app only allow phone or email login without having Sign in with Apple. But the reason for that isn't because we're worried about Sign in with Apple in particular.

I don't make a new email account when I make a new account. I reuse the same one and only check it when they've sent me a verification code. I think most people do things this way. The other two are just for if I want multiple accounts.
 
The system used by Microsoft/Google/Facebook (not sure about Apple) IS a widely used open-source auth system. It’s called OAuth. https://oauth.net/about/introduction/ and it’s supported by most of the big Auth systems. That said, many sites choose to instead use OpenID which is built on top of OAuth, the big difference being OpenID allows some degree of access to your info (like name, possibly email, etc) whereas with OAuth you are just represented by a random identifier, and so when you Auth To Google or FB or whatever, you get a token, and then are redirected back to the site you are signing in with it and your identifier, and then the site is able to use the token to validate you are the owner of the identifier (which is linked to your account on their side when you first log in with your other account).

That said, OpenID isn’t evil or anything, and I don’t think it shares much, but Google and FB have too much info already. They don’t need to know where I have accounts. And that’s basically where the wall comes. Cause if you use any of the like social network logins, they will know what site it is for (they have to do a redirect after Auth back to the site's callback address and the original request lists the source as the “referrer”). Either way, both are plenty secure, OpenID just basically adds an API the other site can use to talk back to the Auth provider. But neither one of them could be bypassed unless they implemented the standards wrong. So it is generally a secure way to Auth. Worst case just make like a fake Twitter to log into stuff with lol.
Oauth isn't what I meant. That's a way for someone to identify themselves to your site using external auth systems. I mean the opposite in a way: If you don't want your site fully dependent on other companies for auth, there should be an open, well-adopted drop-in solution for storing user accounts and their credentials that you're unlikely to botch. There are plenty, but nothing has come out on top, and they're all email/password-based, which isn't great. It'd need support all the way onto the smartphone to be user-friendly. Many have tried to make this. In the current state of the market and the Internet, it's impossible.

Also, OAuth is a really complex standard. Many devs just delegate it to Firebase or something. I don't even remember how it works well enough to rant about it anymore, but at some point I did.

And yeah, I have a Twitter purely for logging into junk. Somehow they keep banning me for doing nothing.
 
Pretty sure it does, Apple made it a requirement now for all apps to include this

Apple made it a requirement that if one supports some other social signon service, one needs to support Sign in with Apple. There is no requirement that one include any.

if this means they can effectively lock your users out of your apps at their discretion is surely more fuel to the antitrust fire?
They cannot, as has already been shown by the fact that Epic have been able to move people to other accounts.
 
All good points, and if the game is not really playable then why does Apple need to take this extra step? How does Apple showing they are willing to use Sign in with Apple as a tool to punish developers, and Apple customers, help their argument? This tactic may just be drawing unnecessary, negative attention to one of the possible downsides of the Apple service. Right or wrong, it just looks bad.

If you are no longer a developer, why should Apple allow you to use their customer database ?
 
  • Like
Reactions: AlphaCentauri
So Apple can disable Sign In with Apple for specific apps/websites at any time for any reason? Will that make 3rd parties less likely to use it?
I believe apps that offer third-party sign-in will be required to offer "Sign In with Apple" as an option, or else you won't be approved by Apple, so you have the option to do whatever Apple says or to throw your app and all your work in the trash because you can only install what Apple says is ok on iOS/iPadOS/tvOS and I'm guessing macOS soon...
 
Though Apple have now clarified that they haven't in fact blocked Epic from using Sign In With Apple and this appears to be another example of Epic trying to fuel controversy and anti-Apple sentiment by headline grabbing misinformation
 
Yeah. If I use sign with Apple I may be cut off by Apple.
I mean, if I'm a small developer and they remove my app I'm screwed anyway, but after this decision a bigger company may postpone the adoption of sign with Apple.

I'm not siding with Epic on this legal dispute, but I don't like Apple's response, particularly as a developer.
They pointed out that Epic uses their API, the store, was reviewed many times so is like Apple wasted time with them. I'm a developer too, and I have free apps on the store (free apps, no digital content sold), does this mean I have no value for Apple? The very existence of apps (not talking about my apps of course) is what makes the iPhone a great device.
Maybe their stance is needed for the legal battle, but is really bad PR.


That argument follows no logic when it's simple math:

-If Apple gets 30% cut of your $0 app ($0 in your case), you're fine.
-If Apple gets 30% cut of Epic's $1.2 BILLION app, then the math is correct.

-If Epic finds a way to make 30% x $1.2 BILLION = $0 then that is DEFINITELY a red flag.

By suggesting you don't agree with Apple's response, you are basically saying you have a problem paying Apple for using the app store's servers and iOS platform to make money... and that somehow justifies why bigger companies wanting to make money should avoid iOS because they have to pay more than $0 for any income made from the app... SAY WHAT!?

In Epic's case, that's like arguing why someone can't run an IPTV subscription service using a piggybacked connection from the neighbor's cable TV connection... yes, the neighbor's - otherwise, they'd be paying for service/content to make that income and we can't have that!?

The correct move for Epic should have been - negotiate, not steal.
 
Only shows more of their abusive power, force devs to include it, force devs to remove it.
 
  • Like
Reactions: BGM