One of the bigger security announcements from Apple’s Worldwide Developer Conference this week is Apple’s new requirement that app developers must implement the company’s new single sign-on solution, Sign In with Apple, wherever they already offer another third-party sign-on system.
Apple’s decision to require its button in those scenarios is considered risky — especially at a time when the company is in the crosshairs of the U.S. Department of Justice over antitrust concerns. Apple’s position on the matter is that it wants to give its customers a more private choice.
From a security perspective, Apple offers a better option for both users and developers alike compared with other social login systems which, in the past, have been afflicted by massive security and privacy breaches.
Apple’s system also ships with features that benefit iOS app developers — like built-in two-factor authentication support, anti-fraud detection and the ability to offer a one-touch, frictionless means of entry into their app, among other things.
For consumers, they get the same fast sign-up and login as with other services, but with the knowledge that the apps aren’t sharing their information with an entity they don’t trust.
Consumers can also choose whether or not to share their email with the app developer.
If customers decide not to share their real email, Apple will generate a random — but real and verified — email address for the app in question to use, then will route the emails the app wants to send to that address. The user can choose to disable this app email address at any time like — like if they begin to get spam, for example.
The ability to create disposable emails is not new — you can add pluses (+) or dots (.) in your Gmail address, for example, to set up filters to delete emails from addresses that become compromised. Other email providers offer similar features.
However, this is the first time a major technology company has allowed customers to not only create these private email addresses for sign-ins to apps, but to also disable those addresses at any time if they want to stop receiving emails at them.
Despite the advantages to the system, the news left many wondering how the new Sign In with Apple button would work, in practice, at a more detailed level. We’ve tried to answer some of the more burning and common questions. There are likely many more questions that won’t be answered until the system goes live for developers and Apple updates its App Review Guidelines, which are its hard-and-fast rules for apps that decide entry into the App Store.
1) What information does the app developer receive when a user chooses Sign In with Apple?
The developer only receives the user’s name associated with their Apple ID, the user’s verified email address — or the random email address that routes email to their inbox, while protecting their privacy — and a unique stable identifier that allows them to set up the user’s account in their system.
Unlike Facebook, which has a treasure trove of personal information to share with apps, there are no other permissions settings or dialog boxes with Apple’s sign in that will confront the user with having to choose what information the app can access. (Apple would have nothing more to share, anyway, as it doesn’t collect user data like birthday, hometown, Facebook Likes or a friend list, among other things.)
2) Do I have to sign up again with the app when I get a new iPhone or switch over to use the app on my iPad?
No. For the end user, the Sign In with Apple option is as fast as using the Facebook or Google alternative. It’s just a tap to get into the app, even when moving between Apple devices.
3) Does Sign In with Apple work on my Apple Watch? Apple TV? Mac?
Sign In with Apple works across all Apple devices — iOS/iPadOS devices (iPhone, iPad and iPod touch), Mac, Apple TV and Apple Watch.
4) But what about Android? What about web apps? I use my apps everywhere!
There’s a solution, but it’s not quite as seamless.
If a user signs up for an app on their Apple device — like, say, their iPad — then wants to use the app on a non-Apple device, like their Android phone, they’re sent over to a web view.
Here, they’ll see a Sign In with Apple login screen where they’ll enter their Apple ID and password to complete the sign in. This would also be the case for web apps that need to offer the Sign In with Apple login option.
(Apple does not offer a native SDK for Android developers, and honestly, it’s not likely to do so any time soon.)
5) What happens if you tap Sign In with Apple, but you forgot you already signed up for that app with your email address?
Sign In with Apple integrates with iCloud Keychain so if you already have an account with the app, the app will alert you to this and ask if you want to log in with your existing email instead. The app will check for this by domain (e.g. Uber), not by trying to match the email address associated with your Apple ID — which could be different from the email used to sign up for the account.
6) If I let Apple make up a random email address for me, does Apple now have the ability to read my email?
No. For those who want a randomized email address, Apple offers a private email relay service. That means it’s only routing emails to your personal inbox. It’s not hosting them.
Developers must register with Apple which email domains they’ll use to contact their customers and can only register up to 10 domains and communication emails.
7) How does Sign In with Apple offer two-factor authentication?
On Apple devices, users authenticate with either Touch ID or Face ID for a second layer of protection beyond the username/password combination.
On non-Apple devices, Apple sends a six-digit code to a trusted device or phone number.
8) How does Sign In with Apple prove I’m not a bot?
App developers get access to Apple’s robust anti-fraud technology to identify which users are real and which may not be real. This is tech it has built up over the years for its own services, like iTunes.
The system uses on-device machine learning and other information to generate a signal for developers when a user is verified as being “real.” This is a simple bit that’s either set to yes or no, so to speak.
But a “no” doesn’t mean the user is a definitely a bot — they could just be a new user on a new device. However, the developer can take this signal into consideration when providing access to features in their apps or when running their own additional anti-fraud detection measures, for example.
9) When does an app have to offer Sign In with Apple?
Apple is requiring that its button is offered whenever another third-party sign-in option is offered, like Facebook’s login or Google. Note that Apple is not saying “social” login though. It’s saying “third-party,” which is more encompassing.
This requirement is what’s shocking people as it seems heavy-handed.
But Apple believes customers deserve a private choice, which is why it’s making its sign-in required when other third-party options are provided.
But developers don’t have to use Sign In with Apple. They can opt to just use their own direct login instead. (Or they can offer a direct login and Sign In with Apple, if they want.)
10) Do the apps only have to offer Sign In with Apple if they offer Google and/or Facebook login options, or does a Twitter, Instagram or Snapchat sign-in button count, too?
Apple hasn’t specified this is only for apps with Facebook or Google logins, or even “social” logins. Just any third-party sign-in system. Although Facebook and Google are obviously the biggest providers of third-party sign-in services to apps, other companies, including Twitter, Instagram and Snapchat, have been developing their own sign-in options, as well.
As third-party providers, they too would fall under this new developer requirement.
11) Does the app have to put the Sign In with Apple button on top of the other options or else get rejected from the App Store?
Apple is suggesting its button be prominent.
The company so far has only provided design guidelines to app developers. The App Store guidelines, which dictate the rules around App Store rejections, won’t be updated until this fall.
And it’s the design guidelines that say the Apple button should be on the top of a stack of other third-party sign-in buttons, as recently reported.
The design guidelines also say that the button must be the same size or larger than competitors’ buttons, and users shouldn’t have to scroll to see the Apple button.
But to be clear, these are Apple’s suggested design patterns, not requirements. The company doesn’t make its design suggestions law because it knows that developers do need a degree of flexibility when it comes to their own apps and how to provide their own users with the best experience.
12) If the app only has users signing up with their phone number or just their email, does it also have to offer the Apple button?
Not at this time, but developers can add the option if they want.
13) After you sign in using Apple, will the app still make you confirm your email address by clicking a link they send you?
Nope. Apple is verifying you, so you don’t have to do that anymore.
14) What if the app developer needs you to sign in with Google, because they’re providing some sort of app that works with Google’s services, like Google Drive or Docs, for example?
This user experience would not be great. If you signed in with Apple’s login, you’d then have to do a second authentication with Google once in the app.
It’s unclear at this time how Apple will handle these situations, as the company hasn’t offered any sort of exception list to its requirement, nor any way for app developers to request exceptions. The company didn’t give us an answer when we asked directly.
It may be one of those cases where this is handled privately with specific developers, without announcing anything publicly. Or it may not make any exceptions at all, ever. And if regulators took issue with Apple’s requirement, things could change as well. Time will tell.
15) What if I currently sign in with Facebook, but want to switch to Sign In with Apple?
Apple isn’t providing a direct way for customers to switch for themselves from Facebook or another sign-in option to Apple ID. It instead leaves migration up to developers. The company’s stance is that developers can and should always offer a way for users to stop using their social login, if they choose.
In the past, developers could offer users a way to sign in only with their email instead of the third-party login. This is helpful particularly in those cases where users are deleting their Facebook accounts, for example, or removing apps’ ability to access their Facebook information.
Once Apple ID launches, developers will be able to offer customers a way to switch from a third-party login to Sign In with Apple ID in a similar way.
Do you have more questions you wish Apple would answer? Email me at email@example.com
Mozilla acquires Active Replica to build on its metaverse vision • TechCrunch
An automated status updater for Slack isn’t the only thing Mozilla acquired this week. On Wednesday, the company announced that it snatched up Active Replica, a Vancouver-based startup developing a “web-based metaverse.”
According to Mozilla SVP Imo Udom, Active Replica will support Mozilla’s ongoing work with Hubs, the latter’s VR chatroom service and open source project. Specifically, he sees the Active Replica team working on personalized subscription tiers, improving the onboarding experience and introducing new interaction capabilities in Hubs.
“Together, we see this as a key opportunity to bring even more innovation and creativity to Hubs than we could alone,” Udom said in a blog post. “We will benefit from their unique experience and ability to create amazing experiences that help organizations use virtual spaces to drive impact. They will benefit from our scale, our talent, and our ability to help bring their innovations to the market faster.”
Active Replica was founded in 2020 by Jacob Ervin and Valerian Denis. Ervin is a software engineer by trade, having held roles at AR/VR startups Metaio, Liminal AR and Occipital. Denis has a history in project management — he worked for VR firms including BackLight, which specializes in location-based and immersive VR experiences for brands.
With Active Replica, Ervin and Denis sought to built a platform for virtual events and meetings built on top of Mozilla’s Hubs project. Active Replica sold virtual event packages that included venue design, event planning, live entertainment and tech support.
Prior to the acquisition, Active Replica hadn’t publicly announced outside funding. Ervin and Denis have assumed new jobs at Mozilla within the past several weeks, now working as senior engineering manager and product lead, respectively.
“Mozilla has long advocated for a healthier internet and has been an inspiration to us in its dedication and contributions to the open web. By joining forces with the Mozilla Hubs team, we’re able to further expand on our mission and inspire a new generation of creators, connectors, and builders,” Ervin and Denis said in a statement. “Active Replica will continue to work with our existing customers, partners and community.”
Mozilla launched Hubs in 2018, which it pitched at the time as an “experiment” in “immersive social experiences.” Hubs provides the dev tools and infrastructure necessary to allow users to visit a portal through any browser and collaborate with others in a VR environment. Adhering to web standards, Hubs supports all the usual headsets and goggles (e.g. Oculus Rift, HTC Vive) while remaining open to those without specialized VR hardware on desktops and smartphones.
Hubs recently expanded with the launch of a $20-per-month service that did away with the previously-free service but introduced account management tools, privacy and security features. According to Mozilla, the plan is to roll out additional tiers and reintroduce a free version in the future, along with kits to create custom spaces, avatar and identity options and integrations with existing collaboration tools.
Mozilla’s forays into the metaverse have had been met with mixed results. While Hubs is alive and kicking as evidenced by the Active Replica acquisition, Meta shuttered Firefox Reality, its attempt to create a full-featured browser for AR and VR headsets, in February 2022. In explaining why it decided to close up Firefox Reality, Mozilla said that while it does help develop new technologies, like WebVR and WebAR, it doesn’t always continue to host and incubate those technologies long-term.
‘The Mandalorian’ Season 3 will premiere on March 1 • TechCrunch
Disney announced today The Mandalorian’s long-awaited third season will debut on March 1st on Disney+. The company had previously said that the third season would debut in February, so fans will have to wait a little longer than expected to see the upcoming season.
The third season will take place following the events of “The Book of Boba Fett,” in which Din Djarin reunited with Grogu. A teaser for the upcoming season shows Mando fighting armed warriors on Mandalore.
The second season “The Mandalorian” premiered back in October 2020, so fans have had to wait quite some time to see their favorites together again. Carl Weathers, Giancarlo Esposito and Katee Sackhoff will all be returning in the third season of the show.
YouTube launches its first-ever official trends podcast, ‘Like & Describe,’ with content creator MatPat • TechCrunch
YouTube launched its first-ever official trends podcast today, the company announced. Hosted by popular content creator MatPat and produced by YouTube’s Culture & Trends team, the “Like & Describe” podcast will tackle lesser-known stories behind the biggest YouTube trends.
Episodes will release monthly on YouTube’s main channel for viewers to watch as well as all on major podcast platforms for listeners, including Spotify, Apple, Amazon and Google. Episode one debuted on December 1 with a second episode set to premiere on January 1.
The announcement comes a few months after YouTube introduced a dedicated podcast homepage. It’s likely the company launched “Like & Describe” to further cash in on the ever-growing podcast industry. Plus, MatPat could draw in millions of listeners since the creator has over 34 million subscribers in total across his four channels–The Game Theorists, The Film Theorists, The Food Theorists and his gaming channel, GTLive.
In the first episode, titled “The Rise of the VTubers,” MatPat explores Virtual YouTubers (aka VTubers), animated characters voiced by humans that garner a collective total of 1.5 billion views every month, according to YouTube.
MatPat meets with VTubers like Gawr Gura, a 9,000-year-old half shark/half girl, and Mori Calliope, a Grim reaper that raps in motion-capture music videos, among others. He also speaks with Earnest Pettie, Trends & Insights Lead of YouTube’s Culture & Trends team, content creator Dave Cherry and other experts.
Unlike most video podcasts where hosts sit in front of a camera and speak into a mic, “Like & Describe” has viewers follow along with graphics as MatPat narrates—similar to his video style for his YouTube channels.
The second episode will have MatPat meet with more special guests from the Culture & Trends team as they provide commentary on the biggest videos and creators of 2022.
BMW iX5 Hydrogen Production Starts, But Don’t Expect To See This Fuel-Cell SUV In Dealerships
The reality, though, is that even with a small number of BMW iX5 Hydrogen SUVs being produced — using individual...
Mozilla acquires Active Replica to build on its metaverse vision • TechCrunch
An automated status updater for Slack isn’t the only thing Mozilla acquired this week. On Wednesday, the company announced that...
Tesla's Latest Event Revealed Big News For The Cybertruck
Tesla’s Cybertruck won’t be the first electric pickup when it reaches production, but a new feature meant for the Tesla...
The Callisto Protocol review: A relentless horror spectacle
Enlarge / Hello, gorgeous. In the survival-horror genre, building tension and ramping up a sense of dread is the backbone...
The First Tesla Semi Has Been Delivered After Lengthy Delays
There had long been suggestion Pepsi would be one of Tesla’s biggest customers — with a subsidiary spotted installing charging...
Social8 months ago
Web.com website builder review
Social3 years ago
CrashPlan for Small Business Review
Gadgets4 years ago
A fictional Facebook Portal videochat with Mark Zuckerberg – TechCrunch
Cars4 years ago
What’s the best cloud storage for you?
Mobile4 years ago
Memory raises $5M to bring AI to time tracking – TechCrunch
Social4 years ago
iPhone XS priciest yet in South Korea
Security4 years ago
Google latest cloud to be Australian government certified
Social4 years ago
Apple’s new iPad Pro aims to keep enterprise momentum