OpenID Foundation says Sign In with Apple poses security and privacy risks

At WWDC 2019 earlier this month, Apple unveiled its new Sign In with Apple platform, which gives users a privacy-friendly alternative to sign-in platforms from Facebook and Google. This week, however, the OpenID Foundation is questioning some of the decisions Apple made for Sign In with Apple.

The OpenID Foundation is a non-profit organization with members such as PayPal, Google, Microsoft, and more. The OpenID Foundation controls numerous universal sign-in platforms using its OpenID Connect platform:

OpenID Connect was developed by a large number of companies and industry experts within the OpenID Foundation (OIDF). OpenID Connect is a modern, widely-adopted identity protocol built on OAuth 2.0 that enables third-party login to applications in a standard way.

In a public letter to Craig Federighi, the OpenID Foundation writes that Apple has “largely adopted” OpenID Connect for Sign In with Apple, but that there are some notable differences. The foundation argues that the differences between Sign In with Apple and OpenID Connect limit the places customers can use Sign In with Apple and pose security and privacy risks.

The differences between OpenID Connect and Apple’s platform are being tracked here, where privacy and security risks are also detailed.

The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.

To resolve these issues, the OpenID Foundation is calling on Apple to close the gaps between Sign In with Apple and OpenID Connect, publicly state that Sign In with Apple is interoperable with OpenID Connect, and join the OpenID Foundation.

You can read the full open letter here.


Author

Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.
