sign in with apple wwdc
Apple's senior vice president of Software Engineering Craig Federighi speaks during the keynote address during the 2019 Apple Worldwide Developer Conference (WWDC) at the San Jose Convention Center on June 03, 2019 in San Jose, California. Justin Sullivan/Getty Images

A nonprofit organization said Apple’s new “Sign In with Apple” feature, while worthy of applause, can still put users at risk and recommends ways to make it even better.

Companies such as Google and Facebook made logging onto various apps and services easier with the “Sign In with Google” and “Sign In with Facebook” options. With the two companies plagued with security issues related to passwords and privacy, however, people are looking for a better way to securely long onto various services. Enter Apple’s “Sign In with Apple” feature.

Apple unveiled its own “Sign In with Apple” feature in the recent WWDC in an apparent swipe to rival companies and an obvious move to get more people to trust it instead. The new feature, which helps prevent the harvesting of information, gives people the peace of mind they need when logging on via use of a proxy email address that actually works to forward emails to their real email addresses.

While the move itself has been largely welcomed for its ability to keep user information private, a nonprofit organization that is responsible for the same kind of login feature has called on Apple to do something better as “Sign In with Apple” still exposes some people to risk, MacRumors reported.

Risk?

In an open letter addressed to Craig Fedirighi, Apple’s Senior VP for Software Engineering, non-profit organization OpenID Foundation (OIDF) both applauded Apple and gave recommendations to make its new feature work even better.

The OIDF noted that Apple did well by adopting OpenID Connect, a standardized method of logging onto third-party applications. OpenID Connect has been developed by a “large number of companies and industry experts,” all of them members of OIDF. These members include Microsoft, PayPal, Google and others.

The foundation also pointed out that while Apple “largely adopted” OpenID Connect, there are differences between Apple’s offering and OpenID Connect. The differences, which can be read here, “reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks,” OIDF chairman Nat Sakimura said.

OIDF said Apple should “address” the differences between Sign In with Apple and OpenID Connect, make sure that it is interoperable with OpenID Connect, publicly announce that it is compatible with widely-available OpenID Connect Relying Party Software, and join the OIDF.