OpenID say Sign In with Apple could have “greater security privacy risks”

Not-for-profit technology organisation, OpenID Foundation, has sent an open letter to software giants, Apple, questioning some of the policies made as part of the new Apple Sign In.

During this year’s World Wide Developers Conference (WWDC) for Apple, which took place early last month, the company announced a new sign-in alternative from the Google and Facebook options that many apps currently have.

The non-profit international standardisation organisation controls many sign-in option platforms already and has clients such as Google, PayPal, and Microsoft.

The foundation wrote, in a letter to Apple’s senior vice president, Craig Federighi, that, despite acknowledging some differences between OpenID and the new Apple Sign In, Apple had taken advantage of many of OpenID’s ideas.

In the letter, they say: “It appears Apple has largely adopted OpenID Connect for their Sign In with Apple implementation offering, or at least has intended to. Known differences between the two are tracked in a document managed by the OIDF certification team”.

OpenID continued to discuss how, by creating Apple ID, there was a risk to both security and the extra work on security developers.

They said: “The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security privacy risks. It also places unnecessary burden on developers of both OpenID Connect Sign In with.”


Related Posts