Security Experts:

Apple Unveils Privacy-Focused Authentication System

Sign in with Apple

Apple announced on Monday at its 2019 Worldwide Developers Conference (WWDC) a new authentication system that should provide better privacy protections compared to similar products from Facebook and Google.

The new Sign in with Apple system is advertised as fast, secure and privacy friendly. It allows users to sign in to a third-party application with their Apple ID, while making it more difficult for apps to track them.

Developers can add the Sign in with Apple button to their applications and users only need to tap it in order to authenticate via FaceID with a new account. The apps can request the user’s name and email address, but the new sign-in system allows them to hide the real email address and instead provide a randomly-generated address from where emails are forwarded to the user.

According to Apple, the new authentication mechanism works on iOS, macOS, tvOS and watchOS, and it can also be added to websites and apps running on other platforms.

Sign in with Apple is expected to become available for beta testing this summer. Once it becomes generally available later this year, developers will be required to add it to apps that support third-party logins.

"After witnessing Netflix customers and Amazon partners having their account hacked, this new feature from Apple is a much needed step in the right direction toward safer web commerce,” commented Shlomi Gian, CEO at CybeReady, a provider of autonomous cyber security awareness. “One area that would still remain vulnerable has to do with consumer behavior toward phishing as there are still too many instances where consumers literally give away their credentials to hackers unintentionally. Increased awareness might be the only way to reduce risk in the foreseeable future.”

However, some security experts are skeptical of Apple’s privacy-related claims.

“This feels like the exact same thing we already have, but with a promise from Apple that they will be nice,” Chris Morales, head of security analytics at threat detection and response firm Vectra, told SecurityWeek. “Google once had the slogan ‘don’t be evil’. It is all big companies trying to be the central point of authentication. I’m sure it works great, however, I think the privacy angle is more geared towards marketing than anything else.”

Apple also announced on Monday that its upcoming iOS 13, which should be launched this fall, will also include some privacy-focused enhancements, such as making it easier for users to prevent apps from tracking their location.

Related: Hackers Can Bypass macOS Security Features With Synthetic Clicks

Related: Google Criticizes Apple Over Safari Security, Flaw Disclosures

Related: Apple Patches FaceTime Spying Vulnerability

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.