Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Apple Unveils Privacy-Focused Authentication System

Sign in with Apple

Apple announced on Monday at its 2019 Worldwide Developers Conference (WWDC) a new authentication system that should provide better privacy protections compared to similar products from Facebook and Google.

Sign in with Apple

Apple announced on Monday at its 2019 Worldwide Developers Conference (WWDC) a new authentication system that should provide better privacy protections compared to similar products from Facebook and Google.

The new Sign in with Apple system is advertised as fast, secure and privacy friendly. It allows users to sign in to a third-party application with their Apple ID, while making it more difficult for apps to track them.

Developers can add the Sign in with Apple button to their applications and users only need to tap it in order to authenticate via FaceID with a new account. The apps can request the user’s name and email address, but the new sign-in system allows them to hide the real email address and instead provide a randomly-generated address from where emails are forwarded to the user.

According to Apple, the new authentication mechanism works on iOS, macOS, tvOS and watchOS, and it can also be added to websites and apps running on other platforms.

Sign in with Apple is expected to become available for beta testing this summer. Once it becomes generally available later this year, developers will be required to add it to apps that support third-party logins.

“After witnessing Netflix customers and Amazon partners having their account hacked, this new feature from Apple is a much needed step in the right direction toward safer web commerce,” commented Shlomi Gian, CEO at CybeReady, a provider of autonomous cyber security awareness. “One area that would still remain vulnerable has to do with consumer behavior toward phishing as there are still too many instances where consumers literally give away their credentials to hackers unintentionally. Increased awareness might be the only way to reduce risk in the foreseeable future.”

However, some security experts are skeptical of Apple’s privacy-related claims.

“This feels like the exact same thing we already have, but with a promise from Apple that they will be nice,” Chris Morales, head of security analytics at threat detection and response firm Vectra, told SecurityWeek. “Google once had the slogan ‘don’t be evil’. It is all big companies trying to be the central point of authentication. I’m sure it works great, however, I think the privacy angle is more geared towards marketing than anything else.”

Apple also announced on Monday that its upcoming iOS 13, which should be launched this fall, will also include some privacy-focused enhancements, such as making it easier for users to prevent apps from tracking their location.

Related: Hackers Can Bypass macOS Security Features With Synthetic Clicks

Related: Google Criticizes Apple Over Safari Security, Flaw Disclosures

Related: Apple Patches FaceTime Spying Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...