However, I've never built anything directly used "by the public", nor am I very familiar with how Apple Sign in works.
So I'm wondering, as the developer of a trustworthy app, what's the drawback in the user giving an obfuscated address?
Is it not possible for you to contact the user using this address? Does the user have to manually allow getting mail to this address or somehow jump through some hoops to read it?
Thanks for the clarification, I didn't think of this scenario.
This looks like a pretty big problem, as I can imagine a situation where the user doesn't have access at all to the app and may not have kept the initial email with any identifying info.
Isn't there an easy way for the user to know which obfuscated address was used for which app?
This email address is used for a lot of communication with Apple, e.g. receipts from App Store.
I bought my iMac on the Apple store, and the receipt was also sent to my personal account.