One of the bigger security announcements from Apple’s Worldwide Developer Conference this week is Apple’s new requirement that app developers must implement the company’s new single sign-on solution, Sign In with Apple, wherever they already offer another third-party sign-on system.
Apple’s decision to require its button in those scenarios is considered risky — especially at a time when the company is in the crosshairs of the U.S. Department of Justice over antitrust concerns. Apple’s position on the matter is that it wants to give its customers a more private choice.
From a security perspective, Apple offers a better option for both users and developers alike compared with other social login systems which, in the past, have been afflicted by massive security and privacy breaches.
Apple’s system also ships with features that benefit iOS app developers — like built-in two-factor authentication support, anti-fraud detection and the ability to offer a one-touch, frictionless means of entry into their app, among other things.
For consumers, they get the same fast sign-up and login as with other services, but with the knowledge that the apps aren’t sharing their information with an entity they don’t trust.
Consumers can also choose whether or not to share their email with the app developer.
If customers decide not to share their real email, Apple will generate a random — but real and verified — email address for the app in question to use, then will route the emails the app wants to send to that address. The user can choose to disable this app email address at any time like — like if they begin to get spam, for example.
The ability to create disposable emails is not new — you can add pluses (+) or dots (.) in your Gmail address, for example, to set up filters to delete emails from addresses that become compromised. Other email providers offer similar features.
However, this is the first time a major technology company has allowed customers to not only create these private email addresses for sign-ins to apps, but to also disable those addresses at any time if they want to stop receiving emails at them.
Despite the advantages to the system, the news left many wondering how the new Sign In with Apple button would work, in practice, at a more detailed level. We’ve tried to answer some of the more burning and common questions. There are likely many more questions that won’t be answered until the system goes live for developers and Apple updates its App Review Guidelines, which are its hard-and-fast rules for apps that decide entry into the App Store.
1) What information does the app developer receive when a user chooses Sign In with Apple?
The developer only receives the user’s name associated with their Apple ID, the user’s verified email address — or the random email address that routes email to their inbox, while protecting their privacy — and a unique stable identifier that allows them to set up the user’s account in their system.
Unlike Facebook, which has a treasure trove of personal information to share with apps, there are no other permissions settings or dialog boxes with Apple’s sign in that will confront the user with having to choose what information the app can access. (Apple would have nothing more to share, anyway, as it doesn’t collect user data like birthday, hometown, Facebook Likes or a friend list, among other things.)
2) Do I have to sign up again with the app when I get a new iPhone or switch over to use the app on my iPad?
No. For the end user, the Sign In with Apple option is as fast as using the Facebook or Google alternative. It’s just a tap to get into the app, even when moving between Apple devices.
3) Does Sign In with Apple work on my Apple Watch? Apple TV? Mac?
Sign In with Apple works across all Apple devices — iOS/iPadOS devices (iPhone, iPad and iPod touch), Mac, Apple TV and Apple Watch.
4) But what about Android? What about web apps? I use my apps everywhere!
There’s a solution, but it’s not quite as seamless.
If a user signs up for an app on their Apple device — like, say, their iPad — then wants to use the app on a non-Apple device, like their Android phone, they’re sent over to a web view.
Here, they’ll see a Sign In with Apple login screen where they’ll enter their Apple ID and password to complete the sign in. This would also be the case for web apps that need to offer the Sign In with Apple login option.
(Apple does not offer a native SDK for Android developers, and honestly, it’s not likely to do so any time soon.)
5) What happens if you tap Sign In with Apple, but you forgot you already signed up for that app with your email address?
Sign In with Apple integrates with iCloud Keychain so if you already have an account with the app, the app will alert you to this and ask if you want to log in with your existing email instead. The app will check for this by domain (e.g. Uber), not by trying to match the email address associated with your Apple ID — which could be different from the email used to sign up for the account.
6) If I let Apple make up a random email address for me, does Apple now have the ability to read my email?
No. For those who want a randomized email address, Apple offers a private email relay service. That means it’s only routing emails to your personal inbox. It’s not hosting them.
Developers must register with Apple which email domains they’ll use to contact their customers and can only register up to 10 domains and communication emails.
7) How does Sign In with Apple offer two-factor authentication?
On Apple devices, users authenticate with either Touch ID or Face ID for a second layer of protection beyond the username/password combination.
On non-Apple devices, Apple sends a six-digit code to a trusted device or phone number.
8) How does Sign In with Apple prove I’m not a bot?
App developers get access to Apple’s robust anti-fraud technology to identify which users are real and which may not be real. This is tech it has built up over the years for its own services, like iTunes.
The system uses on-device machine learning and other information to generate a signal for developers when a user is verified as being “real.” This is a simple bit that’s either set to yes or no, so to speak.
But a “no” doesn’t mean the user is a definitely a bot — they could just be a new user on a new device. However, the developer can take this signal into consideration when providing access to features in their apps or when running their own additional anti-fraud detection measures, for example.
9) When does an app have to offer Sign In with Apple?
Apple is requiring that its button is offered whenever another third-party sign-in option is offered, like Facebook’s login or Google. Note that Apple is not saying “social” login though. It’s saying “third-party,” which is more encompassing.
This requirement is what’s shocking people as it seems heavy-handed.
But Apple believes customers deserve a private choice, which is why it’s making its sign-in required when other third-party options are provided.
But developers don’t have to use Sign In with Apple. They can opt to just use their own direct login instead. (Or they can offer a direct login and Sign In with Apple, if they want.)
10) Do the apps only have to offer Sign In with Apple if they offer Google and/or Facebook login options, or does a Twitter, Instagram or Snapchat sign-in button count, too?
Apple hasn’t specified this is only for apps with Facebook or Google logins, or even “social” logins. Just any third-party sign-in system. Although Facebook and Google are obviously the biggest providers of third-party sign-in services to apps, other companies, including Twitter, Instagram and Snapchat, have been developing their own sign-in options, as well.
As third-party providers, they too would fall under this new developer requirement.
11) Does the app have to put the Sign In with Apple button on top of the other options or else get rejected from the App Store?
Apple is suggesting its button be prominent.
The company so far has only provided design guidelines to app developers. The App Store guidelines, which dictate the rules around App Store rejections, won’t be updated until this fall.
And it’s the design guidelines that say the Apple button should be on the top of a stack of other third-party sign-in buttons, as recently reported.
The design guidelines also say that the button must be the same size or larger than competitors’ buttons, and users shouldn’t have to scroll to see the Apple button.
But to be clear, these are Apple’s suggested design patterns, not requirements. The company doesn’t make its design suggestions law because it knows that developers do need a degree of flexibility when it comes to their own apps and how to provide their own users with the best experience.
12) If the app only has users signing up with their phone number or just their email, does it also have to offer the Apple button?
Not at this time, but developers can add the option if they want.
13) After you sign in using Apple, will the app still make you confirm your email address by clicking a link they send you?
Nope. Apple is verifying you, so you don’t have to do that anymore.
14) What if the app developer needs you to sign in with Google, because they’re providing some sort of app that works with Google’s services, like Google Drive or Docs, for example?
This user experience would not be great. If you signed in with Apple’s login, you’d then have to do a second authentication with Google once in the app.
It’s unclear at this time how Apple will handle these situations, as the company hasn’t offered any sort of exception list to its requirement, nor any way for app developers to request exceptions. The company didn’t give us an answer when we asked directly.
It may be one of those cases where this is handled privately with specific developers, without announcing anything publicly. Or it may not make any exceptions at all, ever. And if regulators took issue with Apple’s requirement, things could change as well. Time will tell.
15) What if I currently sign in with Facebook, but want to switch to Sign In with Apple?
Apple isn’t providing a direct way for customers to switch for themselves from Facebook or another sign-in option to Apple ID. It instead leaves migration up to developers. The company’s stance is that developers can and should always offer a way for users to stop using their social login, if they choose.
In the past, developers could offer users a way to sign in only with their email instead of the third-party login. This is helpful particularly in those cases where users are deleting their Facebook accounts, for example, or removing apps’ ability to access their Facebook information.
Once Apple ID launches, developers will be able to offer customers a way to switch from a third-party login to Sign In with Apple ID in a similar way.
Do you have more questions you wish Apple would answer? Email me at email@example.com
Samsung will announce new foldables on August 11 – TechCrunch
Samsung just sent out invites for its next Unpacked event. There are those companies that like to sneak hints into their invites — and then there’s Samsung. The note leads with the big, bold words “Get ready to unfold” and features a pair of flat-colored objects that can reasonably be said to resemble the form factors of the Galaxy Z Fold and Flip, respectively.
In keeping with…the general state of the world over the past year-and-a-half, the event will be held virtually on Wednesday, August 11. Interestingly, the company is also opening up preorders on its “next flagship,” sights and specs unseen. Perks for early preorders include “12 free months of Samsung Care+, up to an extra $200 trade-in credit and a special pre-order offer.”
But honestly, it’s generally best to wait until you actually see the thing and maybe even read a review or two.
There’s a lot to unpack (so to speak) ahead of the event. First, I’m probably not alone in expecting that the company would focus its next big event on the upcoming Galaxy Watch. The big event at MWC was a bit of a dud (not unlike MWC itself), offering up more information on the upcoming wearable partnership with Google, in lieu of announcing any hardware.
As the company noted at the time, “The upcoming One UI Watch will debut at an upcoming Unpacked event later this summer, sporting the new UI, as well as the forthcoming joint Samsung/Google platform.”
It seems reasonably likely that this will be the event where that will occur, even if the new watch doesn’t get top billing. For one thing we’re running out of summer. For another, rumors have the new Galaxy Watch set for a late-August (the 27th) release.
All told, this could well be a pretty huge summer event for the company, bucking last year’s trend of meting out devices one by one at virtual invents. Word on the street is we could be seeing a Galaxy Watch 4, Galaxy Z Fold 3, Galaxy Z Flip 3, Galaxy S21 FE (“Fan Edition” — basically the latest version of the company’s budget flagship) and even the Galaxy Buds Pro, which will more directly take on the AirPods Pro (which are getting a bit long in the tooth).
What’s missing in all of this? No points if you said the Note. Samsung’s well-loved phablet is reportedly not coming this year, as chip shortages continue to plague the industry. That would be a big hit to Samsung’s six-month cycle, though we’ll see how that all plays out soon enough.
The August 11th event kicks off at 10AM ET / 7AM PT.
Kdan Mobile gets $16M Series B for its cloud-based content and productivity tools – TechCrunch
Kdan Mobile, a company that provides a wide range of cloud-based software, including AI-based tech for organizing documents, has raised a $16 million Series B. The round was led by South Korea-based Dattoz Partners, which will also take a seat on Kdan Mobile, and included participation from WI Harper Group, Taiwania Capital and Golden Asia Fund Mitsubishi UFJ Capital.
Launched in 2009, Kdan Mobile has focused on developing content creation and productivity software for mobile devices from the start, founder and chief executive officer Kenny Su told TechCrunch. “We’ve observed more and more industries embracing remote or hybrid work for years now, even before 2020,” he said. “We always sensed that trend would continue.”
Kdan Mobile has now raised $21 million in total. Since announcing its Series A in April 2018, Kdan Mobile has grown from 70 employees to 200 in Taiwan, China, Japan and the United States. It also passed 200 million downloads and now has more than 100 million members on its platform. More than half of Kdan Mobile’s users are in the U.S. and Europe, 30% from Asia and 15% from Africa and Australia.
Part of the funding will be used to develop Kdan Mobile’s enterprise products, including Document AI, its data processing and filtering technology, and SaaS products like e-signature service DottedSign, PDF software Document 365 and Creativity 365 for multimedia content creation, including animations and video editing.
After focusing primarily on individual users, Kdan Mobile decided to start working with more enterprise clients in 2018 and its software is now used by more than 40,000 businesses and educational organizations. Su said the company’s focus on enterprise was validated with the 2019 launch of DottedSign, which now has more than 300,000 users. During the past year and a half, the number of signatures processed by DottedSign increase by 30 times as companies switched to remote work because of the pandemic. Kdan Mobile also began offering a set of APIs and SDKs so internal developers at large enterprises can integrate and customize its technology.
“We use a lot of what’s called B2C2B approach, or business to consumer to business, meaning that we still try to connect with users at the individual level, but do so in a way that we hope they’ll adopt our solutions at the company level,” said Su.
Document AI was launched in 2021 after Kdan Mobile found that many of its users wanted to reduce the amount of time they spend managing documents. Its features include optical character recognition, smart tagging and search, and protection for sensitive data. Some examples of how Document AI can be used include automating data-entry tasks and creating summaries of research documents.
When asked how its products differentiate from those offered by Google, Microsoft and Adobe, Su said one way is that Kdan Mobile has always created products for mobile first, before designing the user experience for other devices, with the idea of serving professionals who are on the move a lot.
On the other hand, Kdan Mobile doesn’t necessarily see itself as a competitor with those companies. Instead, its solutions are complementary. For example, it creates files that are compatible with Adobe products and is integrated with Google Workspace, Zapier and, in the near future, Microsoft Teams.
“In that regard, it’s about helping users where they are, rather than trying to sway them away from existing products or services,” Su said.
In statement, Dattoz Partner CEO Yeon Su Kim said, “We see tremendous growth in the market for software and solutions that empower the post-pandemic hybrid workforce. Kdan’s powerful product suite and the leadership team’s ability to executive have led to its strong momentum in several key markets, including the U.S. and Asia markets.”
Yummy raises $4M, aims to be ‘super app of Venezuela’ – TechCrunch
Yummy, a Venezuela-based delivery app on a mission to create the super app for the country, announced Friday it raised $4 million in funding to expand its dark store delivery operations across Latin America.
Funding backers included Y Combinator, Tinder co-founder Justin Mateen, Canary, Hustle Fund, Necessary Ventures and the co-founders of TaskUs. The total investment includes pre-seeding capital raised in 2020.
“This appears to be a contrarian bet, but Yummy has quickly become the No. 1 super app in Venezuela and proven that the team can scale the business in a difficult territory,” Mateen said in a statement. “Now Vicente and the rest of the Yummy team will expand into more traditional markets with the necessary experience and support to overcome inevitable challenges that they will face.”
Vicente Zavarce, Yummy’s founder and CEO, launched the company in 2020 and is currently part of Y Combinator’s summer 2021 cohort. Born in Venezuela, Zavarce came to the U.S. for school and stayed to work in growth marketing at Postmates, Wayfair and Getaround before starting Yummy. Zavarce was a remote CEO over the past year, stuck in the U.S. due to travel restrictions, but said he is making the most of it.
Yummy’s app can be downloaded for free, and the company charges a delivery fee or merchant fee. In contrast to some of his food delivery competitors, Zavarce told TechCrunch Yummy’s fees are “the lowest in the market” so they do not affect the merchant’s ability to use the app.
The company is pulling together additional key components for its super app strategy, which includes launching a ridesharing vertical this year. Yummy has already connected more than 1,200 merchants with hundreds of thousands of customers.
And, over the past year the company completed more than 600,000 deliveries of food, groceries, alcohol and shopping. It reached $1 million in monthly gross merchandise volume while also growing 38% in revenue month over month.
Over the past eight years, the political and economic challenges faced by the country have led to its recent adoption of the U.S. dollar, Zavarce said. In some cases up to 70% of transactions are happening in dollars on the ground. He said this has protected the business against hyperinflation and ultimately created the opportunity for startups to begin operating in Venezuela.
Because of that, combined with more consumer technology innovation over the past decade, Zavarce said there is no reason why Venezuela should not have the best last-mile logistics. It’s there that Yummy has an opportunity to connect multiple vertices into a super app with little to no competition.
“Eventually, other players will enter, but because we have a super app, we already have an amazing frequency of usage,” he added. “We also already have exclusivity with 60% of the food delivery marketplace, which has enabled us to build a moat around the market. We believe we are the right people to execute on this and feel it is our responsibility to do it.”
Plans for the new funding include user acquisition — the company has close to 200,000 registered users already — and to expand in Peru and Chile by August. At the same time, Zavarce will spend some of that capital to attract more users across Venezuela. He also expects to be in Ecuador and Bolivia by the end of the year.
Venmo gets more private—but it’s still not fully safe
Getty Images Venmo, the popular mobile payment service, has redesigned its app. That’s normally news you could safely ignore, but...
The best portable projectors for 2021
We love the idea of casting a large screen whether it’s to binge-watch a series over the weekend, deliver business...
Review: Old is a mostly solid film undermined by jarring twist ending
A family on a tropical holiday discover that the secluded beach where they are relaxing for a few hours is somehow...
Alpha Motors Superwolf is a completely decked out electric pickup
Alpha Motors unveiled a new version of its all-electric pickup called the Superwolf. The difference between this particular version of...
Classic 1967 Chevrolet Camaro Z/28 Trans Am racer heads to auction
When it comes to muscle cars of the 60s, one of the most iconic is the Chevrolet Camaro. The value...
Social1 year ago
CrashPlan for Small Business Review
Gadgets3 years ago
A fictional Facebook Portal videochat with Mark Zuckerberg – TechCrunch
Cars3 years ago
What’s the best cloud storage for you?
Mobile3 years ago
Memory raises $5M to bring AI to time tracking – TechCrunch
Social3 years ago
iPhone XS priciest yet in South Korea
Security3 years ago
Google latest cloud to be Australian government certified
Cars3 years ago
SK Telecom and Samsung to collaborate on 5G for enterprise
Social3 years ago
Apple’s new iPad Pro aims to keep enterprise momentum