Sign In With Apple Exposes Users to Security Risks, OpenID Foundation Claims

Apple announced its “Sign In with Apple” feature with much fanfare at WWDC last month. Meant to be a brand-new way for Apple users to log into apps and websites without losing their privacy, the feature has now been called out by the OpenID Foundation. The foundation says that although Apple has used significant parts of OpenID Connect for its Sign In with Apple implementation, its code is not completely aligned with OpenID, leaving users vulnerable to security and privacy risks.

In an open letter to Apple’s Senior Vice President of Software Engineering Craig Federighi, the OpenID Foundation wrote, “the current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks.”

The foundation has also detailed the spec violations as well as peculiarities in the Sign In with Apple implementation, at least one of which is known to enable attacks. The other violations and peculiarities mostly seem to hamper the interoperability of Apple’s solution with OpenID Connect partners. It is unclear if any of them pose security or privacy risks to Apple consumers.

The OpenID Foundation is asking Apple to address the gaps between Sign In with Apple and OpenID Connect and make it compatible and interoperable. The foundation is also asking Apple to join it.

Apple is said to have fixed one of the issues pointed out by the foundation. So, the company is clearly paying attention to what the OpenID Foundation is saying, but it remains to be seen whether the iPhone maker will do everything that the foundation is asking or just fix the security issues and keep its implementation independent.

To recall, with Apple ID authentication, Apple will provide app developers or website publishers with just a random ID and keep all of the users’ data to itself. The company also said that it won’t use the Apple ID authentication data to profile users or their activity.
