Is that true? If the only email address that a company has for a user is a forwarding address created through Sign In, wouldn't Apple banning the company from the App Store presumably also cause them to get rid of the email forward, meaning that nothing the company sends will actually reach the customer?
If a company is abusing Apple's users I'm sure that they could?
But you're right, it does give Apple power, just the same power that has already ceded to Facebook and Google through their logins.
The reality is that companies need to understand that user's are sick and tired of being spammed, and are rightly annoyed by needing to provide every company with their email address for no good [to the user] reason.
I think the difference is that with a Facebook or Google login, companies could also easily just require that they get permission to see the user's email address (which isn't super uncommon to see with OAuth logins), so they wouldn't need continual access to OAuth after the first login (unless a user switched to a new email address and stopped checking the old one, which I think is somewhat rare).
I totally agree with your point that this is arguably a good thing, though; although I don't personally own or use any Apple products, there are fairly few services I'd want to sign up for that I'd want to ensure that they had my real email, and I'd be happy to make sharing my email address an opt-in choice rather than the default.
