During Apple’s annual WWDC keynote on June 3, software boss Craig Federighi said that privacy is in “everything we do” — and shortly thereafter put his money where his mouth was. The newest updates to Apple’s operating systems, including macOS, iOS and the brand new iPadOS, include new features designed to reduce the amount of data you share, both purposefully and incidentally. The most significant addition is “Sign in with Apple,” the company’s new method of logging into apps and services without sharing your personal information.
At a time when it seems like almost every tech company is trying to squeeze as much personal data from you as legally possible (and sometimes even more), many users will no doubt appreciate Apple’s efforts to protect their privacy. But the feature does not arrive without controversy. It’s a direct shot at two of Silicon Valley’s other biggest companies, Facebook and Google, both of which offer similar services, with the difference that they both collect user data. Meanwhile, Apple is requiring software developers that offer any similar services to also include Apple’s option, a curious demand given antitrust regulators are paying increasingly close attention to Big Tech in recent months.
On a technological level, Sign in with Apple is the company’s version of what’s called a Single Sign-On, or SSO. Rather than requiring users to come up with and remember a distinct username and password for every site and service they use, SSOs let users use one set of credentials — often their Facebook or Google login — across a wide array of them. For users, SSOs can be time-saving and convenient. They’re also convenient for developers, who can worry less about managing and protecting a database of full of usernames and passwords and focus more on making their apps and services even better.
By using most SSOs, you’re probably sharing more personal information than you realize, like your contact information or even location. Facebook and Google in particular use their SSOs to gather data for their advertising technology. They track your movements across the web and serve you up what they think are relevant ads, ensuring you’ll see those same jeans or your dream vacation wherever you go online.
But while Facebook and Google are advertising companies at heart and thus thrive on collecting data, Apple is a hardware and services company, making money by selling you iPhones and Apple Music subscriptions instead. That distinction lets Apple credibly take a privacy-first posture, and allowed it to build a sign-in button with all the convenience of rival offerings, but with privacy in mind. “Apple does not use Sign In with Apple to profile users or their activity in apps,” the company said in a press release announcing the upcoming iOS 13.
A secondary feature gives users the option to generate a random temporary email address for each app and service they use, which forwards emails from each service to their actual inbox. If users decide they no longer want communication from a particular site or service, they can disable the temporary address. That puts a buffer between users and advertisers looking to learn more about them, according to Gennie Gebhart, Associate Director of Research at the Electronic Frontier Foundation, a digital rights group. “Generating a dummy email address is a neat way to protect your email address, which is a more powerful identifier and ‘key’ to your online accounts than a lot of people realize,” says Gebhart.
Sign in with Apple could disrupt a fundamental premise of many popular apps and services: they’re free on the surface, but they make money through advertising or data collection. Any grand change to that bargain could require a major rethink of the digital economy. Meanwhile, some in the advertising technology business in particular are worried that Apple may fundamentally break that industry.
“Thinking further: ‘Sign in with Apple’ and email-relay breaks all sorts of downstream dynamics in adtech,” said Twitter’s product lead Sriram Krishnam in a tweet. “For example — this could really change how lookalike audiences work.” Since it’s harder to track a person with an ever-changing email address (rendering advertising profiles less insightful), it’ll be more difficult for advertisers to guarantee getting in front of similar audiences, making targeted ads less effective in the long run.
Others are less concerned. “You know, you can definitely see as the world moves away from URLs and into apps, you can see the long term implications of this being pretty significant for this platform,” says James Nord, CEO of Fohr, an influencer-focused marketing company. “The short-term, I think, will just be a little drop in ad efficacy.”
At the moment, Sign in with Apple looks as though it’ll a small victory in the fight for stronger privacy controls. How much it makes a dent in the overall amount of user data collected, or the types of targeted advertising users see on a daily basis, depends on adoption rates. And there’s also the issue of whether to trust Apple itself, says Gebhart. “Apple’s new sign-in service is definitely a step in the right direction, but it’s important to understand who it’s protecting you from,” says Gebhart. “In short, this kind of feature protects you from all sorts of scary third parties, but does not necessarily protect you from the company offering it — in this case, Apple.”