The OpenID Foundation has raised (via AppleInsider) concerns about the upcoming ‘Sign In With Apple’ feature in a recent letter to Apple’s Software Engineering chief, Craig Federighi. According to the organization, although Apple adopted OpenID Connect to build ‘Sign in with Apple’, the feature contains significant differences that expose users to greater security and privacy risks.
Apple unveiled Sign in with Apple earlier this month to allow users to log into apps and websites using their Apple ID after iOS 13 and macOS Catalina become available in the fall. At the time, the company claimed that it was introducing the feature to improve the privacy of its customers.
However, the organization listed several differences to show that Apple’s system can be exploited, exposing it to privacy and security threats. Moreover, the OpenID Foundation claimed that ‘Sign in with Apple’ places an unnecessary burden on itself and OpenID Connect. As a result, the letter asked Apple to close the gaps, as the current code in Sign in with Apple isn’t compatible with OpenID Connect Relying Party software.
For now, we will have to wait to find out whether Apple addresses the issues raised in the letter. While ‘Sign in with Apple’ is meant to improve the privacy of Apple customers, the company has received criticism from developers over its decision to make the feature mandatory whenever any third-party sign-in options are enabled in an app or website.