It seems like it could be really good for users, but the fact that it's _required_ for any apps that use other 3rd-party sign-in options and that it's _required_ to be listed first among those options leaves a bad taste in my mouth.
I can't even imagine what would happen if Google did the same thing with Google Sign In and the Play store.
Disclaimer: I work for Google, not on anything related, and am speaking for myself (as always).
The Google Play Store will show "contains ads" under the install button. Same for "contains in app purchases". Makes it much easier to see which app is really free.
However it is _required_ that you add Sign in With Apple. I'm all for privacy but I disagree with this move because Apple said "You must add Apple Sign In" rather than "You must allow one form of anonymous login" which means they are forcing developers to use their tools.
Additionally, if the app only has FB or Google login and you don't use either, you can just not use the app.
Why should an app be listed as free if using it requires sacrificing my privacy to use it? That's fundamentally not free.
If the app cost me money then I've purchased an app I cannot use.
This is very simple: they're saying that you cannot require Apple's (and by extension your) users to submit to abuse of their privacy in order to use your app.
This "they're stealing my privacy!" outrage is tiresome. Someone built an app; it authenticates a certain way; if you don't like it, uninstall it. Both Google and Apple offer near immediate refunds. But really there's some due diligence required here - installing an app is not like visiting a web page, you should take a little care what you spend money on.
You're complaining that someone else is building apps in a way you don't like. That's their right; they aren't building them for you.
Why should I have to get accounts for those services just to use your app?
Why should Apple list apps that can't be used by users because they require users to create accounts with companies that are known to abuse user privacy?
The last point I think is the most reasonable: why should I, a user, be required to use some arbitrary third party just to use your app?
If you are solely using them for login support, and nothing else, then all you're doing is adding one more OAuth provider. What makes it so hard to require an Apple identity if you're already willing to accept Google or Facebook ones?
Besides that, I’m downloading an app from the Apple App Store. They already know which apps I’ve downloaded. They aren’t getting any more information via “Sign in with Apple”.
They are complaining that these app developers are misrepresenting the cost of the "free" app. What it really costs is access to data about you as a Google/FB user. Sure, build an app like that all you want, but don't lie about it.
In the common usage of the word they are totally free. If you want to redefine the word as it's used, let's start also considering your bandwidth isn't "free" and so these apps aren't free in that sense either. How about the electricity you paid to charge your phone? The calories you ingested that help you operate the phone?
The common and almost universally accepted understanding of "free" is "no exchange of money". Saying those who don't adopt an extreme viewpoint are lying is dishonest.
The common usage of the word "free" is something like "without cost" (yours doesn't work and I actually couldn't find a definition that explicitly says "money"). Placing ads in an app has various costs, just not usually monetary. I don't think you need to redefine anything or go to this odd extreme you're trying to straw-man into the argument.
Does Apple have a feature in their app store that allows developers to mark their apps as "Monetarily free but you have to sign in with Google"? If not, how exactly do you expect developers to comply with your demands when Apple provides no way to do so?
Sure, but would you agree that open source tools and being able to choose the tools we want is better? We should have that same freedom when it comes to building authentication into our applications.
It’s standard OAuth. There are libraries for every language that I’m aware of that let you integrate with OAuth providers. You don’t have to use Apple’s tools to do it. You could use “sign in with Apple” from any platform.
But what good would “open source tools” do overall if you still have to integrate with Apple’s services/APIs to do anything useful - the same is true with Android/Google Play Services.
Reading and replying to this comment was not free then.....
Free in the colloquial sense means "no money required", otherwise nothing is free since there is always some cost, if not an opportunity cost. What are you going to do, complain that an app required bandwidth to download?
I can kind of see your point regarding paid apps, but for free apps, you aren't really losing anything, besides maybe a few seconds of your time. If you don't like the authentication options the app offers, you can just uninstall it, and for 99% of the apps in the app store there's multiple alternatives that will offer a different set of options.
Unless I don’t have a Google or FB account, in which case having an app listed in the store that I can’t use is hostile - and I bet it would be even more problematic if they elevated the rank of apps that supported Apple sign in over those that didn’t, even if it did reflect the value proposition for the user.
I think that if "downloading apps users can't log into wastes their time" was the problem Apple was trying to solve, this would be a good (maybe better?) solution.
But the problem they're going after is bigger: how do you allow users to keep using their favorite apps (because most people aren't super privacy-conscious) while at the same time making sure those apps don't track users or sell their data? And, like it or not (and many people won't), I think forcing developers' hand is the only real way to make this happen.
I know what you're saying but I'm okay with it. In this case Apple chose users over developers. iOS developers have to do a little more work (Apple has made it very easy from what I've seen of the framework) and have a little less freedom but users signing in to apps using 3rd party auth are guaranteed the privacy protections Apple is promising. They drew a line in the sand by making their solution mandatory but I think they had to to deliver what they're promising to users (which I think is great).
That privacy seems a bit overboard though. This is fine if a user can create his account directly inside the app. But it's not very clear how to support a workflow where you have an organization with multiple users authorized by an admin to use the app. How can the admin add a user to his organization, if he doesn't know in advance the user's randomly generated email? I guess you could send an invitation code, and let the user enter that code after the Apple sign in, to associate the account to the authorized user. This sounds more complex for the user than a workflow where the admin can directly authorize specific emails.
The randomly generated email is a user choice; they can also provide their real email. The randomly generated one would not work for things like Slack SSO etc.
Apple knows that for most people (unlike this website's audience), the privacy concern is not as important as using That Cool New App, and if this was just another option developers could, but didn't have to implement, many apps would choose not to -- and most people would still download them. The only way to make sure that most users' email/login/usage isn't being sold or used to track them is to force developers to offer Apple's auth option, and make it as easy to use as choosing to log in with Facebook or Google.
> I can't even imagine what would happen if Google did the same thing with Google Sign In and the Play store.
If Apple made its money by mining its users' data, there would be a big uproar about this announcement, too. But Apple made it very clear that they will not be doing that with this data, and is moving more and more towards establishing itself as the privacy-focused alternative to Google... So this is by and large (and obviously there are many people with reservations, whether about Apple forcing developers' hands, or about trusting a big company in general) being seen as more of a Good Thing.
Google should just add a similar requirement in response. With this rule Apple is forcing their signup method to be taken up across all platforms (web, Android, iOS) because you can't only enable logging in with Apple on one platform.
If Google were to implement the same requirement, any cross platform app with Apple's login would also now have a Log in with Google button, making sure that Apple won't be getting any OAuth monopoly any time soon just to keep them in check.
The SSO "market" is only a market if the SSO providers are monetizing your data at the expense of your privacy. Private authentication is not a "market" almost any of us needs or wants, but rather a right that we deserve.
Does anyone use Okta outside of the Enterprise? No enterprise focused app is going to allow any random third party credentials. Okta is also not by any definition a “social network”.
It's also a "market" if you happen to run one of the largest payment networks in the world (Apple Pay) and if having users signed in with your service gives you the ability to let them easily provide payment information through you to the exclusion of your competitors (Amazon Pay, Google Pay, etc).
Apple Pay is a feature of the iOS SDK and Safari browser, not a feature of the login system. Which method you used to login doesn't change the friction of paying with it.
My understanding is that putting SIWA first is in their Human Interface Guidelines, which (nominally) are not mandatory. Some apps have been rejected for HIG violations, however, so maybe they'd enforce that (but I doubt it). Plenty of HIG-violating apps make it into the App Store, so they definitely don't enforce all HIG violations.
To me this is a fair rule and beneficial for the end users, it will give more options to them. It simply says "if there are competitors, you must include us".
I'm not an Apple user, but I would expect Apple to provide and guarantee that you can log in any app with your Apple login. Seems fair to me.
Also, I'm pretty confident that Google offering a privacy-oriented SSO on Google Play would be appreciated by everyone. Privacy on Android is such a joke: any app can freely read the accounts present on your phone, they don't even need you to sign in to identify you.
Well, maybe if Google didn’t do stuff like trick users into installing privacy invasive apps by using developer certificates that were only supposed to be used for internal apps you might have a leg to stand on....
Can you point to anyone who was tricked? I signed up for that program myself. It was very clear what I had signed up for. I wasn't tricked into it any more than a Nielsen family is tricked into getting paid to use a Nielsen box.
From the link you posted it wasn’t clear that it could intercept anything. Can a Nielsen box intercept my emails? My account details and drain my account?
> From the link you posted it wasn’t clear that it could intercept anything.
That's Apple's fault if the permission screen didn't show that. What the app actually collected was different from what it had OS permission to collect and was clearly described to the user.
The whole idea of a development certificate is that it is supposed to be used for internal use where a corporation can deploy an app to employees that can do all sort of weirdness.