Why “Sign in with Apple” ought to give us mixed feelings
On Monday, at its Worldwide Developer Conference in San Jose, Apple introduced a privacy-focused login tool called “Sign in with Apple.” Like similar products from Facebook and Google, Apple’s login tool will authenticate you into various apps made by third-party developers. But unlike the Facebook and Google products, Apple’s is designed to share as little data with developers as possible. If offers fine-grained permission controls to let you opt out of sharing your full name or email address, for example. And if you do choose to share your email address, Apple will generate a random alias for you and forward it to your real account.
When Craig Federighi introduced the idea on stage, it struck me as a powerful and attractive alternative to the status quo. The only question, to my mind, was whether developers would adopt it. Facebook announced an anonymous login tool several years ago, but never shipped it, in part due to a lack of developer interest. (The whole point of making users log in to your app or website is, after all, to collect data about them.) Snap launched a similarly privacy-focused login tool last year, but adoption has been slow.
Later on Monday, it became apparent that Apple had already considered the possibility that its privacy-focused login tool would prove to be a dud with developers. And so the company simply made it mandatory for anyone that offers Google or Facebook login in the App Store. (Developers that use their own in-house login systems do not have to offer Apple login.) Sean Hollister reports:
On the one hand… of course! It’s Apple’s platform, and if Apple thinks developers should do something, that’s the company’s decision to make. Plus, there’s a genuine argument to be made that offering Apple single sign-in is doing the right thing by users — who will no doubt already be logged into their own iPhones and iPads, and are one thumbprint or glance away from adding an extra level of security to that sign-in with a biometric Touch ID or Face ID login.
On the other hand, this is a terrifying example of the power Apple wields over developers. Apple just announced this feature, and now every developer that got comfy with Facebook, Google, etc. is going to have to add (and find space to add) a button and the underlying code at some undetermined point later this year, or else abandon single sign-in entirely, or risk their livelihood getting cut off?
The timing of Apple’s announcement was remarkable — it came on the same day that we learned the Justice Department has been authorized to investigate Apple for potential violations of antitrust law. And it’s not just the Justice Department looking into the issue. Last month, the Supreme Court ruled that a customer could sue Apple on antitrust grounds for using its monopoly to drive up prices. This week, a group of iOS developers sued the company alleging anticompetitive practices. And on other issues where critics have raised antitrust concern, such as the company’s ban on many third-party parental control apps, Apple said this week that it would back off.
On the whole, I’m glad Apple built a login tool. With Snap’s similar tool launching a year ago, you could argue that we are seeing the dawn of a new era of authentication products built on the idea of gathering as little data as possible, rather than the reverse. Having a privacy-minded tech company building an identity product puts positive competition on its data-hungry rivals. And isn’t competition the thing that people like me are always begging for from the marketplace?
But when a company with Apple’s power in the marketplace makes a feature mandatory, it all starts to feel less like competition — and more like brute force. Perhaps there is no user privacy-focused login tool compelling enough to get most developers to adopt Apple login voluntarily. But that’s the free market at work — and I’d rather have the onus on Apple to make its products more compelling, rather than on developers to bend to its will.
In January, for reasons I found to be completely justified, Apple revoked the enterprise certificates that Facebook and Google rely upon to run their businesses. But still, I said, Apple’s power over other tech giants ought to worry the rest of us:
Tim Cook and his lieutenants dictate the terms of an enormous economy, and can change that economy on a whim. Today Apple may have acted out of consistency with its privacy principles, to the benefit of some consumers. (And to the detriment of anyone who was counting on that $20 gift card!) But as Apple faces more pressure to serve as, as Roose put it, de facto privacy regulator, we may find ourselves uncomfortable with its monopolistic power.
Here Apple as our de facto privacy regulator has shown its face again. I don’t know how precisely to weigh the value of more private login tools against the cost of making an entire developer ecosystem captive to the policy whims of the world’s biggest company. But perhaps that’s where our actual regulators — which is to say, Congress — should intervene. As the House of Representatives begins an inquiry into our tech giants, I hope they will.