Apple’s new privacy login feature puts security at risk

A majority of the world’s population are Apple users. The reason why most people prefer apple devices over Android is because of privacy policies. Apples always maintain strict privacy structure for their users which eases the people in a lot of ways. Users don’t have to worry about their data security in Apple devices as long as they do everything according to the company’s policy.

Over the past years, Apple upgraded a lot of things, always updating and providing unique features to attract more consumers. Apple always tries to bring a change in the people lives that can ease everything for them and make them depend on Apple devices more than usual.

With the announcement of iOS 13, iPadOS and MacOS at WWDC 2019, Apple improved the performance and operating systems of its devices and along with that they introduced a new privacy-focused feature called ‘Sign in with Apple’.

OpenID foundation questions the implementation of the new feature

Although the new ‘Sign in with Apple’ feature has been widely appreciated but some questions regarding its implementation arise as well.

According to the tech giant 'Sign in with Apple' is more secure way than Sign in with Twitter, Google or Facebook. It uses touch or Face ID to authenticate the user. It doesn’t send any personal information to the app developers or the website.

Although OpenID foundation praised this feature they also have privacy concerns regarding this feature. The privacy feature uses a standardized protocol that is used by several Sign-in platforms. It lets the developers authenticate users without them having to use any extra passwords. But these differences can put user security and privacy at risk

The main culprit behind security concern

Apple uses OpenID Connect feature in 'Sign In with Apple' however it is not fully inline with each other's code, this exposes them to greater security and privacy threats. This gap also puts a burden on the developers of both OpenID connect and Sign In with Apple. By reducing the gaps between them Apple would be interoperable with OpenID connect relying party software.


The OpenID Foundation urged Apple to removes these gaps between the features and Use OpenID test suite to improve the security. Apple made it necessary for all the third-party apps to integrate Sign In with the Apple button. The developers also need to put the button above the SSO options.

There is still no response from Apple yet about this security threat.


Photo: AP

Read next: How Will Apple Look Like After John Ive's Resignation? More Details On His Future Plans And Contributions As Chief Design Office

No comments:

Post a Comment