When two people quarrel, a third rejoices. After the two analyses by the colleagues, Jochen Siegert and Rafael Otero, what a Sign in with Apple means for the market – or does not mean, we now look at the functionality of the “Sign in with Apple”. The “Sign with Apple” is not the end of the line but the beginning of a real digital identity, we have already talked a little bit about it, but we will go one step further and take a look at the patents filed in recent months.
Not only the announcement to offer a 999 USD expensive display stand for the 5,000 USD expensive display as an accessory caused a surprise, but also the service “Sign with Apple” caused discussions. Also, within our team, which in the end led to two different views and articles, one vote and to the result that Rafael has to use an iPhone for one month. So, it’s time to shed some light on the situation and see how the service will work in the end.
“Sign In with Apple” is first and foremost a requirement for developers to implement Sign In with Apple whenever another single sign-on procedure such as “Login with Google” or “Facebook Connect” is implemented. In all clarity: Sign In with Apple is mandatory, not optional. One person’s joy, another’s suffering. What may seem good for the user does not necessarily lead to leaps of joy for the developers, because users get more control over their data and the developers just don’t. Nevertheless, Sign In with Apple also offers developers advantages such as two-factor authentication, fraud detection, and the ability to get started quickly and easily with the app.
The user has the same advantages as with other single sign-on services, with the difference that nothing but the name is passed on. No profile information and by request not even the real e-mail address.
Whether “Sign in with Apple” will actually become a Gamechanger in the market of single sign-on systems, is open. Despite all market power, Apple has been also wrong (see Ping).
Sign In with Apple in detail
With a Sign In with Apple, the developer only receives the name of the user, who is linked to his Apple ID. In addition, the real email address can be passed on or an Apple randomly generates an email that can is linked to the real email. In addition, Apple transmits a so-called “unique stable identifier”, a clearly pseudonymized identifier.
Users do not have to register with Sign In with Apple, i.e. users without a social account will in future receive a single sign-on solution without being registered with a social network such as Facebook, Twitter or Google.
Sign In with Apple also works on all iOS devices such as iPhone, iPad, Mac, Apple TV or the Apple Watch and also on Android devices. The latter via a detour, because Apple offers Sign In with Apple JS – a JavaScript-based possibility to use Sign In with Apple also on other devices. However, this is not comfortable, because the whole thing works via a web view. Existing logins are recognized, i.e.: if a user has already registered with his/hers e-mail to another service, Apple will notice this because Sign In with Apple is connected to the iCloud keychain. Since Apple offers the possibility to generate a kind of trash mail, which is forwarded to the service instead of the real mail, the question arises whether Apple can read it?
First: Apple routes the e-mails only to the user but is not an e-mail host. It would be possible that Apple could reads mails via a proxy. But that would be a one-way street anyway. In the truest sense of the word: Apple would only be able to read the mails that the user receives (marketing newsletters, mailings, etc.), but not the outgoing mails. Apart from the fact that Apple denies this, the gain in knowledge would be small and useless.
Developers can register up to 10 domains to communicate with users. Not even the trash mails can be passed on to third parties. Through this, companies can’t even share e-mails illegally. An additional protection against spam, as long as it comes by an e-mail.
Sign In with Apple=digital identity?
Digital identities must be seen as a spectrum. It starts with an anonymous e-mail and goes all the way to a verified and hardened identity. So, if you take this definition as a basis, Apple does offer a form of digital identity, even though only a part of the spectrum. Of course, this is not enough to conclude a legally secure contract with Sign In with Apple or for a KYC process of a bank. Not yet. Because almost a year ago Apple filed the patent number 20180225662.
“Digital identities must be seen as a spectrum. This ranges from an anonymous e-mail to a verified and hardened identity.”
And that describes the replacement of ID data as we know it. Or something like Apple Pay just for identities, with the difference that there are no banks that can play the spoilsport. In detail, the patent describes a “document import into a secure element”. This would allow ID data, driver’s license or social security data to be stored in the secure area of the iPhone and then made accessible to third parties such as mobile phone providers or banks.
This would eliminate the need for an identity service. No matter whether video identity or other identity services that have not yet been started are required. Even if not all patents are always applied, parts of them can already be seen today. Many universities are already digitizing student IDs and storing them in the Apple Wallet, which then grants access to the university via NFC. Japan has also announced that it will use the iPhone to read the My Numbers Card, for example.
Conclusion
Sign In with Apple can be the beginning of a larger identity service. What will be implemented in the end and which way the development will go is of course open, but there are increasing signs that “even more” could come. It all started with iOS 6 in 2012 and the digitalization of the board cards in the Apple Wallet. At that time nobody would have thought that all airlines would support this service. Today we know better. It went on with Apple Pay, Loyalty is also already working and now comes “Sign In with Apple”, another building block in the evolution of digital identities. In addition, there is the opening of the NFC interface, even if it doesn’t work for payment, developers can now also integrate tickets into the wallet and read them out with the help of NFC.