Yesterday, Apple announced a new Sign In With Apple feature that would be available to developers for beta testing this summer. The idea behind the feature is that developers can offer users a significantly more private way of authenticating into any given iOS or macOS app. Let's take a step back and understand why this matters and why simply using social authentication is a bad idea.
When a user signs into an application with Google or Facebook, for example, they are giving away far too much information. The fact is, Google and Facebook have too much information about each user. Controlling the flow of data is hard. Educating users on what is OK to approve and what is not when signing into third-party apps is hard. So we see things like the Cambridge Analytica scandal. We see users providing very personal information to apps they really shouldn't trust. But, social authentication is damn convenient. It's so much easier for both the user and the app developer. The alternative is requiring email/username and password. That in turn means the developer must manage those usernames and passwords. That's a risky proposition.
Apple's solution to this problem is to build upon the convenience of social authentication but add a layer of privacy. By using the Sign In With Apple option, a developer will get a simple way to authenticate users into their app, and users will get a privacy-preserving option to interact with said app. How is it privacy-preserving? The Apple sign-in approach only reveals enough data to authenticate the user. The email provided to the developer, for example, can be an anonymous email address generated by Apple. That email address, though, is still functional, as Apple will relay messages to the user's actual email address. And users can revoke the relay mechanism and the email address.
This all sounds great. But then someone caught the fine print.
Many people had a problem with the requirement that developers offer Apple's new sign in option in their apps. While it doesn't have to be the only option, Apple will, as the tweet above suggests, require the Sign In With Apple option be one of the options. Many called this anti-trust fodder. Many took this to be a flex of Apple's muscle. Many did not like this at all.
But I think many of these people are misrepresenting the problem. Or, at the very least, they are extending a different problem and applying it to this new feature.
Here's the deal. Apple's App Store is, without a doubt, a monopoly. While this hasn't been formalized in the courts yet, it seems to be heading that way. Apple provides a necessary service with their App Store. They protect consumers. They verify apps are not being malicious (as much as they can verify this type of thing). They do what users generally cannot do themselves. But none of that good takes away from the anti-competitive nature of the App Store. The only way to install an app on your iPhone is through Apple's App Store. So, as it stands, we don't know if other marketplaces could provide similar protections for users while offering, potentially, different apps or offering higher revenue share with developers. That feels like a textbook definition of a monopoly.
And that is where people seem to be frowning upon the Sign In With Apple feature. But adding a feature to an existing monopoly doesn't make that feature inherently bad. The feature should exist. It should just exist in a world where other app marketplaces for iPhone apps exist. Should a developer want to build an iPhone app that doesn't have this sign in feature, they should be able to do so and distribute it through a different channel. But because of the monopolistic nature of the App Store, that's not possible. And people are taking this new sign in feature as an extension of the underlying problem and conflating the feature with the root issue.
Apple is absolutely doing the right thing by requiring this option. Don't believe me? Read the Twitter thread below from a former Mozilla developer who worked on a similar privacy-protecting authentication mechanism for Mozilla.
Mozilla didn't flex their muscles and Mozilla Persona died. Had they flexed their muscles like Apple is doing now with Sign In With Mozilla, we would very likely be living in a web app world with significantly better privacy protections in place for authentication.
Fight the right problems. The App Store monopoly is a worthy opponent. This new Sign In With Apple feature is not. Let's not attack the very things we've been clamoring for over the last few years.