
matt_and_187_like_this

Hi,
so Apple forces developers to implement their own Apple Sign-in feature. It's supposed to be a 'secure' way to sign in, as most Sign-In features track you and almost every App nowadays requires a phone number (unique identifier, I get it).

Most of the time the process is as follows:
Step 1) App presents options:
- Phone number
- Apple
- Facebook/Google
I don't want to share my phone number, so I choose Apple. I even 'hide my email'.
Step 2) After Apple Sign-in, the App forces me to enter a phone number anyway

What's the point of a 'secure' Apple Sign-in feature when Apps circumvent it by forcing you to enter a phone number after signing on with Apple? It's completely redundant as of now.

I am usually against Apple using their market power to dictate terms, but they already did by forcing developers to use their sign-in method. So it should at least work properly...

What are your thoughts? Should Apple change the TOS of the App store and be more strict with their sign-in feature?
 
Sign In With Apple is not forced. It is only a requirement when you have other sign in providers like Sign In With Facebook and Sign In With Google. If you do not have such options signing in with Apple is not a required feature.

What account creation requirements app providers have is also on them. Sign In With Facebook will let Facebook know what you’re doing and give Facebook another avenue of tracking you.

I don’t know about apps you may be thinking of, but usually you might also need to enter an email address and password, and these steps can be avoided with a sign in provider like Apple. The service may never need you to enter a password, and crucially may never store a password, just a token that links you to a Sign In With Apple “key”. Should the service get hacked, you don’t have a password that can get exposed, and you don’t have an email that’ll be exposed. There may be a phone number, but it’s at least not linked to any other details about you. Anyone would of course be able to ring it, but they can’t ring it and say “Hello Mark. We have registered an account issue with your email address bla-blah@gmail” and pull a phishing scheme that way.

Furthermore, implementations of Sign In With Apple that are just pushing the button, done, do exist. DnDBeyond, for example, required nothing after I made an account through Sign In With Apple.
 
It's forced if a condition is met, granted.

Last paragraph: Yes, I know and that's what I believe to be the way Apple intended it.

Rest: My point is that you are presented with several sign-in options, but at the end only one works. Most app-based services don't require anything other than a phone number. Phone number is what every company seems to want to get their hands on these days (I assume because it's a unique identifier and enables easy tracking across services and other advantages like preventing fake/spam accounts).
 
In my opinion, SIWA is a good security measure. I refuse to use any app that requires any user information past SIWA. Those that do are looking to make money off of your information. Don't sign up for accounts you disagree with.
 
That's what I do as well, but it's getting more and more impossible.
 
Sort of agree with Robert. I can empathise with it feeling impossible, though I've honestly not really run across any services that *require* my phone number. I also don't tend to be very hip or sign up to much, haha.
But I will say that as a developer Sign In With Apple is pretty nice, honestly. From that side of the field, though, any of the "Sign In With" providers are nice, because it's less stuff for you to have to deal with on the backend if you only allow signing in through them.
 