WWDC 2019: What ‘Sign-In with Apple’ Means for Tech Professionals

At this year’s WWDC 2019, Apple has introduced a new, privacy-focused sign-in option for apps and websites. It’s exciting for users, but what does it mean for developers and engineers?

It was a headline-grabbing move from Apple. In an age where our personal data is treated as currency, Apple basically promised you’d keep more of your money (so to speak) with its new option. Sign-In with Apple is a button developers can add to an app or website that acts just like any other social sign-in button (which, as we’ve noted, are hard to avoid).

This allows users to sign in with a flow they’re familiar with, because of Facebook and Google’s own buttons, but without trading all their data. Sign-In with Apple does everything other sign-in options do, but keeps user data private; more critically, it alleviates developers from needing to capture and contain user data. Users can choose to share their email with developers for communication purposes, or Apple can return a bespoke email address unique to that app and user. This email goes through Apple’s exchange, so you can still communicate with users as needed; it’s just a “buffer” so users don’t give up data unwittingly.

The button will allow developers to request information from users, but Apple cautions against being overzealous about that. It wants you to consider why you need that data before asking for it; and if it’s not necessary, don’t ask for it.

It’s perfect for 2019 and beyond, when privacy concerns are at the forefront. But should developers actually use it?

Apple is taking a hard stance on Sign-In with Apple. It requires the button for developers who use social sign-ins in their apps, which has sparked a bit of controversy. It strikes me that Apple wants to force a privacy option where it knows others aren’t respecting user privacy. Everyone using an Apple device has an AppleID, after all, and that’s all it takes to enable the button.

It’s worth mentioning that the Apple sign-in button is mandatory to implement when other social options are used, but not mandatory for users. If they want to use a Facebook or Google sign-in, that’s their choice. It also doesn’t mandate an iCloud email address; if a user is using Gmail or other @-address for their AppleID, that’s fine.

(Let’s also admit we’ve all been using Facebook and Google sign-ins because it’s easier than creating our own, even if you use something like Firebase.)

I can also say this move has been welcomed by developers. At WWDC 2018, in particular, a low rumble began amongst those in attendance: If Apple cares so much about privacy, why doesn’t it have its own sign-in for apps? And judging by the reception Sign-In with Apple received during the WWDC 2019 keynote, it’s clear developers got more than they thought they wanted in terms of privacy and security. Sign-In with Apple isn’t reactionary, either; this is the right time and it’s the right service… done the right way.

Sign-In with Apple also isn’t overkill. Developers can integrate this sign-in option with a simple on-boarding, and you don’t have to worry about what’s happening to user data. Developers will also know if the user trying to access their app is a bot. As Apple writes: “It uses on-device machine learning and other information to provide a new privacy-friendly signal that helps you determine if a new user is a real person or an account you might want to take another look at.”

Implementing the button isn’t really difficult, and one early adopter told me during a media scrum it took about a day to implement fully. It may require a bit of a redesign for your app or service, and there’s still some back-end coding to do, but it’s not really difficult compared to some other app-development tasks.

Sign-In with Apple is also cross-platform. There’s a JavaScript API for the web, Android, and Windows. Apple encourages this for a more seamless experience, but it’s clear the company also wants this to catch on in a big way so other companies are disrupted.

With the public increasingly aware of the data-siphoning antics that Facebook and Google engage in, those social sign-in buttons are starting to look problematic. We’re not sure Apple’s aggression about adding its own sign-in button is the right move… but it’s also not the wrong move. It’s still in beta, so it won’t be required for quite some time, but it’s also time developers start paying closer attention to how user data is handled. Right now, Apple is at the forefront of user privacy, and that’s worth applauding.