
iOS now requires Sign On with Apple alongside other auth providers - catchmeifyoucan
https://developer.apple.com/app-store/review/guidelines/#sign-in-with-apple
======
k-ian
Sign in with Apple is not required if:

\- Your app exclusively uses your company’s own account setup and sign-in
systems.

\- Your app is an education, enterprise, or business app that requires the
user to sign in with an existing education or enterprise account.

\- Your app uses a government or industry-backed citizen identification system
or electronic ID to authenticate users.

\- Your app is a client for a specific third-party service and users are
required to sign in to their mail, social media, or other third-party account
directly to access their content.

~~~
JoshTriplett
There's an additional point above that which is more important:

> Apps that use a third-party or social login service (such as Facebook Login,
> Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with
> Amazon, or WeChat Login) to set up or authenticate the user’s primary
> account with the app must also offer Sign in with Apple as an equivalent
> option.

You only have to offer "Sign in with Apple" if you already have third-party
login options. It would be completely unreasonable to require adding a third-
party login option if you don't already have one. But if you already have
third-party login options, having uniformity seems reasonable.

~~~
cma
> It would be completely unreasonable to require adding a third-party login
> option if you don't already have one. But if you already have third-party
> login options, having uniformity seems reasonable.

What if they required the same thing on websites by having their browser
engine look for Facebook/Google sign ins and require an Apple one be present
before displaying the page?

~~~
jacurtis
They sort of do...

Not explicitly as you implied. But implicitly it is required. Let me explain.

You own a service that has social authentication with Google, Facebook,
Twitter, etc.. You have web, desktop, and mobile apps for this service (or
some combination thereof).

Your iOS app now requires you to offer "Sign in with Apple" as an auth
provider, because you already offer Google, Facebook, Twitter, etc.. So you
add "Sign in With Apple" to your iOS app because Apple requires because of
their monopoly for distribution on iOS devices. So you now add Apple auth as
an authentication option within the iOS app.

Now what happens if a user signs up in your iOS app with Apple's Auth? How are
they going to log in on your website, desktop, Browser extension, or anything
else? Well, I guess you now need to add "Sign in with Apple" on those devices
too.

Once you offer an auth provider as an option on one device, it must now be
offered throughout your platform on all devices or you risk locking users out.

Thus, if you offer social auth for authentication, and you want distribution
on at least one iOS device, you are implicitly required to offer Apple
Authentication across your entire platform.

And that is the power of Apple's distribution monopoly on iOS.

Oh, and before you think "well we will just boycott iOS" for my platform. Good
luck. You won't get very far (in the US at least) without iOS support if you
are just starting. Even an established company would struggle to succeed
without iOS support. Imagine if Uber just said "Fuck it, no more iOS app". All
their iOS users would say "Fuck it, no more Uber then, Lyft here I come".

~~~
the_gipsy
> Once you offer an auth provider as an option on one device, it must now be
> offered throughout your platform on all devices or you risk locking users
> out.

Is it feasible to not do this, and instead tell users to add any one of the
existing auth methods to their account in addition to Apple's, if they want to
use the app on another OS?

------
cageface
Maybe this is really done out of concern for the user but it's awfully
convenient how many of Apple's "privacy" moves also bind their users more
tightly into their ecosystem.

~~~
hugi
Personally I'm sincerely grateful there's at least one company that gives a
shit about my privacy. And I will never understand why some people choose to
attack them for it.

~~~
cageface
Because no matter how much you trust Apple's good intentions now you also have
to trust them in perpetuity. When you relinquish your own power and agency to
a third party it can be very hard to get it back. Maybe you trust Apple and
Tim Cook today but do you trust their next CEO and the next?

It's the same reason I don't let Google keep any of my browsing and location
history even though I might benefit from that as a user today. I don't trust
what they might want to do with that data later.

If you think any billion dollar company is acting in any interests but its own
you're being naive.

~~~
sjwright
Your logic defeats your own argument. If we shouldn't trust billion dollar
companies it stands to reason that the fewer few billion dollar companies we
trust, the better. If you're already in the iPhone ecosystem, you're already
placing a lot of trust in Apple. So using _Sign In With Apple_ means trusting
a company that you already trust.

~~~
cageface
I don't trust any of them. The point is Android gives me an escape hatch. If
necessary I can use an Android phone and apps without ever logging into any
Google service. This isn't possible on an iPhone

~~~
tatersolid
_”If necessary I can use an Android phone and apps without ever logging into
any Google service.”_

I don’t think this is actually feasible _in practice_. I’ve never encountered
a real person using a Google-free android device as their daily driver in the
wild. I work in security, and actually ask android users I encounter if they
are worried about GOOG data collection or whatever. Nobody ever responds with
“I’m Google-free”.

------
onyva
That’s great news. I never use apps that force me to login with either Google
Facebook or twitter. There should always be an option to login with an email
address and Apple’s login with disposable non personal email is really easy
and useful.

~~~
isofivepatoi
Yes. Given the other article on the front page regarding the guy who got
dragged in by the dystopian drag net, we need companies who don’t rely on
keeping our information in PII form in order to make money or hold their stock
value.

This should be cheered by all.

~~~
76543210
I'm a FOSS person.

This is a massive step back in progress. I weep for everyone stuck in a single
company's ecosystem. You will be abused before it's over.

~~~
highlandinfo
You have not read the guideline carefully or have misinterpreted it; nothing
in it locks the end-user into Apple's ecosystem. The requirement is only that
if the app uses a third-party authentication system (Facebook, Google, etc.),
it must also offer Sign In with Apple alongside it.

You're free to roll your own sign-in system, in which case you are _not_
required to offer Sign In with Apple.

Not seeing a problem here.

~~~
buboard
sign in with apple locks you into apple's caprices, there is no way around
that. Apple will know where you 're signing in , and you will lose access to
your account if apple decides they no longer like the app, or they no longer
like you.

------
dmitshur
If an app supports the IndieAuth protocol [1] for the purposes of
authenticating the user's primary account, would that be considered "a third-
party or social login service" and be forced to also support "Sign in with
Apple"?

It is third-party in the sense the user (who is a third party from the
perspective of the app) is supplying the authentication service, but it's not
a pre-existing social login.

It's likely that the IndieAuth protocol wasn't on their radar, and so they
haven't considered it when coming up with this rule.

[1]: [https://indieauth.net/](https://indieauth.net/)

------
pensatoio
As someone who switched from Android to iOS about eight years ago, I
understand how people on both platforms might react to this negatively.
However, I, for one, am very happy this is happening.

I _hate_ signing in with social accounts, but sometimes it's so much easier
than trying to sign up with an app's custom sign up form. I will happily pick
Sign On with Apple 100% of the time to avoid linking to my Facebook or Google
identity.

------
jcrites
Pretty sure this was announced at the same time as Sign On with Apple
originally, no?

According to the Wayback Machine, the same terms were present as early as
October 1st 2019 (maybe earlier; didn't look):

[https://web.archive.org/web/20191001161920/https://developer...](https://web.archive.org/web/20191001161920/https://developer.apple.com/app-
store/review/guidelines/)

~~~
satysin
When Sign in with Apple was announced it was stated it wouldn't be a
requirement until April 2020.

As per
[https://developer.apple.com/news/?id=09122019b](https://developer.apple.com/news/?id=09122019b)

------
diebeforei485
I think this is great, actually. I wouldn't have created a TikTok account if
not for their anonymous email relay feature.

~~~
tatersolid
How “anonymous” is a feature from a social media company operated from a
totalitarian state?

------
gruez
Good. There was some app I downloaded last year which only had facebook or
google sign on. You couldn't register with an email. I ended up deleting the
app.

------
VoxPelli
Introduction session from last years WWDC:
[https://developer.apple.com/videos/play/wwdc2019/706/](https://developer.apple.com/videos/play/wwdc2019/706/)

------
gerash
That would've been called an antitrust abuse by any other company but it seems
Apple gets a pass by its fans.

Apple ecosystem is completely closed off. It does make it easier to ship
software. For example they've hijacked SMS by creating their own iMessage,
they tried to take full control of the mobile news publishing until Google
came up with AMP and they have been dragging their feet when it comes to new
web standards in Safari because they prefer native apps.

So the morale of the story is as long as you ship quality products you'll get
a pass for tactics other companies don't usually get a pass for. None of
openness, fairness, privacy, etc. matters really.

~~~
hurricanetc
Apple has around 13-14% of the smartphone market. In your opinion this is a
high enough percentage to qualify as a monopoly????

Please explain.

~~~
burnte
Antitrust behavior != monopoly. This using it's lock on all iOS customers to
force app creators to also use Apple's signin service. It doesn't have to have
a monopoly, it's still an abuse of it's position. The app store itself is
already under attack as anti competitive, this is just another extension of
that behavior.

~~~
hurricanetc
Antitrust behavior requires a monopoly. It’s part of the basic definition of
antitrust.

And the comment was edited anyway. It originally did say monopoly.

------
PierceJoy
Good. It's 10x better than any other sign on system out there. The ease of use
and privacy protections are incredible. This will force the other companies to
up their game or get left behind as no user in their right mind would use
something else if given the choice.

~~~
wutwutwutwut
Since I haven't used it, I'm curious: How is the ease of use so much better
than with other systems?

~~~
PierceJoy
Tap the Sign on with Apple button. Native dialog pops up with two sections.
First section shows your name with an edit button. You can change your first
and last name to whatever you want. Second section has two radio buttons,
provide your real email address or provide a proxy address. Click continue.
Done.

------
hurricanetc
Sign In with Apple is one of the biggest privacy advances of the last few
years. I am all for anything that forces more adoption among developers.

------
gojomo
Very analogous to the ‘tying’ that can be prosecuted under antitrust law.

[https://en.wikipedia.org/wiki/Tying_(commerce)](https://en.wikipedia.org/wiki/Tying_\(commerce\))

~~~
tptacek
In what way? SIWA isn't a product and the features it "competes" with (Google
and Facebook OIDC) aren't really products either, and Apple is only requiring
that SIWA be available alongside them as an option.

~~~
gojomo
Do customers receive a benefit from these sign-in services, and then do Apple,
Facebook, Google also receive some form of compensation in return for the
costs/overhead of providing such services? That Apple/FB/Google compensation
being some mix of: other product purchases, user behavioral data (including
the valuable extra peek into their usage of these 1st-party apps), additional
ad impressions of higher value with this deeper customer lock-in, etc.

A hyperliteralist could argue over what exactly the product/service is, in
each case - sign-on itself? The whole stack of other customized media these
companies serve to the same users? Synergistic old products or bulled
services? The app store?

But the fact pattern, & effect of a ‘big guy’ using market power to force
partners/customers/users/developers/competitors to unnaturally add a new, pro-
Apple-profits option to their own separate offerings quacks like antitrust
tying.

~~~
alwillis
_pro-Apple-profits option to their own separate offerings quacks like
antitrust tying._

No, it doesn't.

First, there’s been no ruling that Apple is a monopoly, which by the way,
isn’t illegal. With their 20% global market share [1], they clearly aren't a
monopoly.

Do they have a monopoly in the iOS app market? Absolutely, but that's to be
expected. It’s their platform that developers have agreed to their terms of
service. Nobody is being forced to develop on their platform, especially since
they aren't the market leader.

This is nothing like the antitrust lawsuit against Microsoft back in the day,
after a federal decent decree forbidding Microsoft from using their 95% market
share that was obviously a monopoly from tying Internet Explorer to Windows.

Of course, they went ahead anyway, declaring that Internet Explorer was so
integrated into Windows that it could not be removed, which proved to be
false.

Microsoft threatened to cancel the Windows licenses of various PC
manufacturers if they continued to ship Netscape Navigator instead of IE,
clearly abusing their monopoly power.

Apple doesn’t have a smartphone monopoly; there hasn't been any ruling to the
contrary. They are only requiring Sign in with Apple if a developer already
provides social logins.

Apple gives developers 2FA, verification of the login being a real person and
not a bot. Users get to be anonymous by using a proxy email address if they
choose. And there's no tracking by companies who make the vast majority of
their revenue by monetizing user information. And it works on macOS, iOS,
watchOS, the web, and Android devices.

It would be hard to argue users don't benefit from this.

[1]: [https://www.statista.com/statistics/216459/global-market-
sha...](https://www.statista.com/statistics/216459/global-market-share-of-
apple-iphone/)

~~~
gojomo
There's no requirement that there be a "ruling that Apple is a monopoly"
before we observe, based on the facts, that they are doing things that run
afoul of antitrust law, or what antitrust law "should" be to maximize welfare.
Rulings are a trailing indicator, not a leading indicator.

Whether users benefit or not is not necessarily relevant for antitrust
analysis; it is only since the Reagan era that direct consumer damage was
considered a requirement for antitrust prosecutions. Most of the
economics/antitrust experts favored by Democratic Party legislators or
possible Presidents seek a return to the pre-Reagan enforcement standards, or
new standards based on the unique economics of new tech-enabled platform
business models.

------
dang
Related recent threads:

[https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...](https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=comments%3E2%20sign%20%22with%20apple%22&sort=byDate&type=story&storyText=none)

------
dmitryminkovsky
It looks like Apple Sign On only works with iOS >=13. If someone creates an
account on a new device, they won't be able to sign in using an old device on
12? Should I drop support for 12 in my app?

~~~
TrueGeek
It’s likely you may want to anyway. Do you usage logs show any users on 12?

~~~
ValentineC
I'm still on iOS 12.4 on an iPhone XS, and I'm reluctant to update.

------
topherPedersen
Dealing with Apple and the App Store is such a pain. As a cross platform
(React/React-Native) developer, I worry about supporting iOS users last
because of all the hoops Apple makes you jump through to develop and publish
an app. When I publish on the Google Play Store my app always gets approved
within a few hours. The same approval process for the App Store takes days.
Everything costs more too... I can develop for Android on a $400 computer
targeting a $100 phone. In order to develop for iOS I use $4,000 computer and
a $500 phone. So now I've adopted a new 3 platform strategy: web, android,
iOS. If I can publish on all three, great! Two out of three? That works too.
In the worst case scenario I'll still be able to target 1 of the three.

~~~
lukevp
This is really exaggerated. You can get a current-gen Mac mini for $800 if you
don’t want to buy used or a previous gen, you don’t need a $4000 computer to
run Xcode. Also approval times on Apple are a few hours these days, when was
the last time you published an app on the App Store? It used to be 7-14 days
but it’s not like that anymore.

------
Mikho
The only reason for 3rd party authorization is that these 3rd party auth
services are ubiquitous unlike Apple's one. How the hell Apple expects people
to use a service with an Apple auth in Windows 10 Edge browser is beyond any
reasonable explanation. And definitely no sane developer would require users
to use Apple's auth outside Apple ecosystem.

So, what we see here is a dictatorship of a monopolist player to lock users
into their own ecosystem. That's a weak move that shows how insecure Apple is
as to users' churning. Shame.

------
steve_taylor
Does it apply to social games that optionally allow users to sign in with
Facebook to compare their progress with that of their friends? Sign in with
Apple would seem utterly useless for this very common use case.

~~~
VoxPelli
For that Apple already has Game Center, and Sign In with Apple is no social
network, so it by itself could not replace anything like that

------
fmakunbound
This is great. iPhone might be the smaller platform, but your app ain’t shit
until you have it Apple’s App Store. Definitely a plus for iPhone users, and
doesn’t matter for the other platform.

------
buboard
Good move, this will push a lot of developers away from the app store, and
back into making websites instead of apps. Having your user base locked in by
apple is much more precarious than other sign-in providers who are nonchalant
about rejecting/censoring developers.

As for the users opting in to have their emails directly relayed and read by
apple .... i don't know what to think of it.

------
dwardu
It’s a convenient thing but this will slow down development for dev teams that
don’t have the time to set this up. Apple should at least do some sort of
“countdown” of releases, e.g. you can release updates for security but you
must implement this within the next X feature releases.

------
rdl
Seems at least as bad as what got Microsoft consent decreed back in the 90s...

------
hamilyon2
That could actually degrade user choices in exchange of more privacy in ios
apps.

Developers could remove other login choices in favor of their own email based
login.

~~~
Betelgeuse90
Generally you can't remove a login choice that easily. If you already have
your own login + 3rd party logins, removing a 3rd party can create friction
with your existing users.

If you only had 3rd party logins, then you can either remove them and develop
a single first party login, or add Apple's login (which is likely much easier
and safer). It's pretty clear to me what the incentives look like for
developers these cases, and they don't seem like they could result in less
choice.

------
techntoke
Imagine the hate Google would get here it they had something similar.

~~~
ethanbond
Well Google’s intent in doing so would be solely to siphon up more user data,
which is distinct and totally worth criticizing.

~~~
chillacy
I don’t know if the ends should justify the means. Apple is the only pro
privacy player in the space but they still run their developer programs with
an iron fist.

~~~
Mirioron
Is Apple actually pro privacy? Or do they just brand themselves as that, while
not really caring much about it?

~~~
untog
I’ve seen it said before that Apple is pro-privacy because it suits them from
a marketing standpoint. They tried being an anti-privacy ad provider with iAds
and failed at it, so this pivot helps them.

A cynical read on the situation but it’s as valid as any.

~~~
pwinnski
The timeline doesn't work for that read. They were pushing their privacy
credentials before launching iAds, and iAds failed as many predicted precisely
because they wouldn't compromise their privacy stance.

~~~
kitsunesoba
Yep, Apple had trouble selling spots on iAd because the program had only very
coarse targeting and shared almost no viewer info with advertisers. Apple
wanted iAds to function more like newspaper ads than web ads.

------
diegoperini
What is the difference between sign-in and sign-on if there are any?

~~~
codezero
Pretty sure they are analogous like log in and log on.

------
awinter-py
hello antitrust my old friend

~~~
kerbs
Under what definition of antitrust is this?

You can still sign in with one of those social providers. You can always put
your money somewhere other than Apple.

~~~
ascorbic
You could've argued that same with IE back in the day. Didn't stop it being a
breach of antitrust law

~~~
JimDabell
That was overturned upon appeal and then Microsoft settled to avoid any
further legal troubles. I don't think you can claim that was a breach of
antitrust law.

------
bruceb
So all iOS apps must now offer Apple sign-in?? I am getting this right, this
seems like it would trigger some anti trust action?

~~~
KukicAdnan
Only if they offer other social login options like Facebook and Twitter for
example. If the app doesn't support oAuth, then there's no requirement to have
sign in with apple.

~~~
bruceb
Still seems a bit crazy. Dictating that apps have to have Apple login.

Seems no real justification other than Apple can use its power.

~~~
ocdtrekkie
The important highlight is that Sign in with Apple allows somewhat anonymous
login. So Apple can argue it is requiring everyone to support a more privacy-
friendly login option.

~~~
ardit33
They are not....

They could have said, if your app has social network log in, must support a
more anonymous way as well.... and not must support Apple's login service.....
which might/might not be good for users....

~~~
notSupplied
If you look at the rules, that is exactly what they are doing. If you provide
a form of 3rd party login that isn’t the following things: (...list of sign
ins that are all not the kind of “Sign in with Facebook / Google”, you are
exempt.

So it seems pretty targeted:apps that provide FB or Google sign in must also
provide Apple sign in, which has an anonymous option.

As a user I’m loving this. Worrysome use of AppStore power aside...

------
kimsant
How to detect a blind apple supporter?

\- He says, Apple is pro privacy \- He redirects systematically with some 301
all monopolistic apple moves to Facebook concerns or Google. \- Finally he has
a fallback gateway when discusing "don't buy apple" if you go with "I want to
be free about that thingy in my iPhone"

Apple is pro Money, and all it does is 2 things now : \- More Money \- Brand
image building, apple is PC , apple is the PC Fraternity of southPark haha,
and blind supporters are its members.

