At the recent Apple WWDC 2019 event, we heard about a lot of new features from Apple. There were many features related to privacy and security announced by the company. Out of all these features, there was one feature that stood out. This was named as ‘Sign In with Apple’ and it does what it says. You will now have an option to Sign In with Apple ID on your devices. So there is no longer a need to sign in with Google or Facebook on your iOS devices.
Now, the feature was received with huge applause at the time of announcement. Everyone believed that this is the best thing that could happen for the users’ privacy. However, it turns out that the OpenID foundation does not think so. The OpenID Foundation has addressed a later to Apple’s Craig Federighi in which they say that Single Sign-On exposes Apple users to “greater security and privacy risks”
They also say that it puts an additional burden on developers which is due to a few key differences. Although Apple uses OpenID Connect Standard for Sign In with Apple, there are still some changes and they are likely to cause these issues.
Here is the letter that OpenID Foundation has addressed regarding its concern:
The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.
Talking about OpenID Foundation, it is a non-profit backed by Google, Microsoft and others and they are even urging Apple to join the foundation to improve the security of Sign In with Apple.