Seems a bit petty to me. As a developer I empathize with the possible lack of documentation (I don’t know, I never tried to integrate Sign In with Apple) but as a user I actually am super happy with it. Nowadays any iOS app that doesn’t support logging in with Apple makes me think twice about whether I really need the app.
> Nowadays any iOS app that doesn’t support logging in with Apple makes me think twice about whether I really need the app.
I agree. I only create accounts for things reluctantly. Because 1. Why do you want my email address, or DOB, or whatever else? I don't want your marketing, and 2. I can't be bothered, I downloaded your app because I have something I want to get done.
Because Apple's SSO will not be eternal and nobody wants to have a tier as a proxy on an important account credential.
Apple SSO is ok for throwaway account where your account has no "sentimental value" that you can't recreate easily. But the author of this post maintains a social network : nobody wants to be locked out a social network.
I have active accounts on websites that existed back when Apple was fighting not to die and I would have totally lost access to them if I had to sign-in to them through my Lycos account.
Don’t use apple SSO because apple might not exist one day?
You may as well argue not signup to anything using gmail because, heck, google might go out of business.
There is no benefit to users in giving your “real” details to service providers; the benefit is entirely on their side.
You can argue that Apple is harming the opportunities for 3rd party developers, sure, taking advantage of them? Sure.
…but let’s not try to frame this as somehow “pro consumer” to give your email away so people can spam you with notifications and offers to lift their engagement rates.
>Don’t use apple SSO because apple might not exist one day?
>You may as well argue not signup to anything using gmail because, heck, google might go out of business.
I assume OP point is that Apple or Google could still exists but your accounts might not exist, maybe you get banned or just decide you don't want to use Apple/Google/FB anymore.
I don't think your tone is warranted and in the spirit of this community.
I don't agree with GP's fear of Apple SSO vanishing without a transition period to something else, but the general premise that this form of login is not eternal but rather short lived in the grand scheme of things is reasonable and doesn't warrant your aggressiveness.
Also you might get locked out of your Apple account for a number of reasons and will then lose access to much more than just Apple services.
It is also not really a valid argument here, given that the service we are talking about was offering Facebook and Google login options, which share the exact same issue, but with the added privacy violations of those platforms.
From what I understood from these discussions, that is not an issue with Facebook and Google logins because they reveal the true user email address, so even if they no longer exist one day, that email address could be used to recover the user accounts (using a password recovery flow through email); while Apple SSO does not reveal the true user email address, only a proxy through Apple's systems, so if it no longer exists one day, there's no way to use the email address to recover the user accounts.
Apple asks the user whether they want to reveal their email or not. If you do not receive a real email address for Sign in with Apple, it is because the user did not want to give it to you.
> Don’t use apple SSO because apple might not exist one day?
There might be a day when Apple is not _my_ cell phone platform. Even now I have an Android phone and iPad and I prefer to have access to same services from both.
> You may as well argue not signup to anything using gmail because, heck, google might go out of business.
I personally avoid to do it, but that's not the point.
Every other third party allows account recovery by mail : if you want to stop using FB or Google's SSO, you can ask the website to send you a mail to prove the account ownership.
If Apple's SSO stopped working (because Apple stopped it, banned you, because you dont have Apple devices anymore so you are locked out of their proprietary 2FA), none of those websites could send you a recovery email.
> That is pure BS.
I don't feel like I've been insulting, so please don't be either.
> because you dont have Apple devices anymore so you are locked out of their proprietary 2FA
They have SMS as a fallback. I know it's insecure and I'd rather they support TOTP, but let's not pretend having an Apple device is the only way to receive 2FA codes for your Apple ID.
> Don’t use apple SSO because apple might not exist one day?
Yes. And more to the point, because that Apple service may not exist in the future. Or Apple may determine that a particular app or service can no longer use its service for whatever reason, and you as a user will not have any choice in that manner. It's all been done before.
And it makes me think : what happens to the "proxy emails" affected to your application when Apple decides to ban your app from the App Store ? Are your users still reachable ? Is there any information on this ?
Given an alternative storyline where Epic Games allowed users to create account with relayed apple mails, wouldn't all those accounts suddenly became unusable today ?
Epic actually did allow users to use SWA since they have about 5 other IdPs they allow. Apple didn't suspend their access to SWA at any point, though there were stories about it at the time.
Yes, or at least not with a @gmail.com domain. Running Google Apps with a custom domain you own and Google can't snatch away is fine (well, apart from the privacy implications of giving Google free rein to read your emails, of course). That means not using Google as your registrar, obviously.
Sign In with Apple allows you to share your email so you are incorrect. If I decide to hide my email and be locked out - my choice. Developers and companies are greedy for data. Why do we have the expectation that emails should be shared? I constantly say don’t send me marketing and some services send. On my part I report them as spam every time so that algos start blocking them as they are breaking our contract and are malicious.
For every service I’ve built allow the user to create an account with email, Google, Microsoft, Apple, Twitter, Facebook and to later untie their account and move to email. Also if they ever get locked out from their oauth account they can use the email to create a password and login via the normal way.
> Also if they ever get locked out from their oauth account they can use the email to create a password and login via the normal way.
This is exactly my point ! You can't recover your account if you don't know the mail used for registration. Even if you remembered it, no check could be made if Apple stopped to proxy the mails for one or another reason.
With other providers, you could always recover an account because your email address would let you prove the ownership of the account.
You can look up any private relay email address you've had provisioned in iCloud settings. It shows what service it was used or and the email, also allowing you to disable the address. This is also available from the Apple ID manager:
Is that not the same with if Google block my account? I won't be even able to login to my email for simple password reset or to verify I'm the actual owner of the email.
This is the problem with one click account vs email entering. It is a risk users should be made aware of but it is still their choice. And for some critical services I'll use my email, for other like the app in question, or most apps on the App Store I'll use one-click install, also most of the time there is no need for me to have an account. Most data can be stored on device without the need for user authentication.
I was under the impression that the Apple email that you get is not a real email address with an inbox? Is it? How can you verify a user the real owner of the email?
If they are locked out of the oauth account, presumably they can't check their inbox.
edit: Oh, do you mean you ask for an email address after they already flow through the oauth process - because that's the worst of all :)
The Apple-provided e-mail address forwards to their real email, so you can still use it for e-mail verification and communications. It just means the user can deactivate the alias at any time and stop further spam.
Apple's SSO may not be eternal but it's also very unlikely to disappear overnight. If it is indeed going to be phased out you will have advance notice of this and a transition period.
I agree that in a perfect world you'd provide your real email address and solve this problem. But developers and companies have repeatedly proven themselves to not be trustworthy and the majority will misuse any contact details for spam which users do not want. In fact there wouldn't be a business case (nor appeal to end-users) for Sign in with Apple if this wasn't a real problem.
> Apple's SSO may not be eternal but it's also very unlikely to disappear overnight. If it is indeed going to be phased out you will have advance notice of this and a transition period.
They may well offer notice and time when they cancel the service in some future.
They won't offer any of that if they happen to erase your account just because though, as has happened to many people.
Don't forget in your threat model that Apple can cancel your account at any time for any reason whatsoever. They've even done it to security researchers using Apple's own bug bounty program. If that happens, you are stranded with those accounts effectively inaccessible to you forever.
So? Google can also cancel your account at any time for any reason whatsoever, and good luck getting it back unless you're a celebrity with connections or manage to make a big enough fuss about it on social media. Using the same logic, you should not use Gmail then.
> Google can also cancel your account at any time for any reason whatsoever [...] Using the same logic, you should not use Gmail then.
Actually, under that logic it's only that you shouldn't use the @gmail.com domain; it should be fine to use Gmail with your own domain, since that allows you to recover if your Google account is canceled (just change the MX to another email provider).
Another thing you can do is to never use your Google account for anything other than email; that should reduce the chances of the account being canceled for no obvious reason. For instance, it's been reported that, if you used your Google account for Youtube, and Google decided your real name was not your real name (which it wanted due to the Google Plus integration with Youtube), your whole Google account could be canceled; that risk could be avoided by just never logging into Youtube with your Google account.
Google isn’t worth the trouble.
I pay for my email, you remember paying for stuff you use, an antiquated idea, I know, but restores the balance in the equation.
> So? Google can also cancel your account at any time for any reason whatsoever
Right, that's why. Don't ever use "sign in with XXX" for any value of XXX, whether apple or google. Any of them can erase you off their site on a whim and you've lost all unrelated accounts where you made the mistake to "sign in with XXX".
Create accounts with your own email, control your future destiny.
Then your issue isn't with Apple's SSO, it is with all SSO providers. Facebook/Google login are not eternal. The only difference is the proxy, which can be disabled.
Any website offering SSO options would have a sunset period to move it over if a provider went under...and if they don't, they are likely defunct at that point anyways...
Apple may not be eternal, but probably will still be around for many decades after your app is completely forgotten. I still have the same IBM and Oracle accounts from the 90's. Big enterprises tend to stick around for a friggin long time.
There's a market for being anti-Apple that's not always based on reasonable ideas. It's popular especially among Web technologists, so maybe if your product targets them it could be a growth hack to "take revenge" and attack the Goliath, then create a literature around that "brave endeavour" that promotes your product.
The part where the developer puts the word 'privacy' in scare quotes is a bit of a red flag for me. Suggesting that "accept[ing] two "social logins": Google and Facebook. All was well." does not fill me with confidence that the developer respects privacy concerns.
Only the naive and the ignorant believe that Apple cares about users privacy. All their "privacy" features are just designed to collect more and more data about its users. Even unnecessary data. And they get away with it because of marketing that leads people like you to believe that they can be "trusted" with your data - the same data they use, and will use, to make more money. They have already restarted their advertising network again, like before. They claim they are no longer part of PRISM, a US government program that allowed big tech to sell user data to government agencies.
They implemented end to end encryption in iMessage to collect more data? There's a vast array of technical instances where apple has gone above and beyond to implement privacy preserving technology, even when they weren't talking about it. This is, like the OP, hysteria without any basis in fact.
Well, kind of. Apparently Messages in iCloud is still E2E encrypted, but not if you have full-device iCloud Backup enabled. Though I've often been prompted for my previous passcode to restore data from an iCloud backup, so not sure if anything has changed on that front.
>“We specifically don’t collect data, even from point A to point B,” notes Cue. “We collect data — when we do it — in an anonymous fashion, in subsections of the whole, so we couldn’t even say that there is a person that went from point A to point B. We’re collecting the segments of it.
The segments that he is referring to are sliced out of any given person’s navigation session. Neither the beginning or the end of any trip is ever transmitted to Apple. Rotating identifiers, not personal information, are assigned to any data or requests sent to Apple and it augments the “ground truth” data provided by its own mapping vehicles with this “probe data” sent back from iPhones.
>An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so.
"The iPhone continues to store location data even when location services are disabled, contrary to Apple’s previous claims. The Wall Street Journal did independent testing on an iPhone and found that even after turning off location services, the device was still collecting information on nearby cell towers and Wi-Fi access points."
"The best way to keep something secret is not to capture and store it in the first place. And that’s the crux of the privacy versus convenience debate now redefining our applications and software-based services ... Yes, maybe what happens on an iPhone stays on an iPhone, but some data should not be captured in the first place. Nothing more so than the significant invasiveness of Apple’s significant locations concept—a perfect illustration of just because you can, doesn’t mean you should. This is a continually building data repository of the locations you visit, along with times and dates, detailed maps, even the mode of transport to get you there and how long it took."
“Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” wrote researcher Douglas Leith from Trinity College in Ireland, in a recently published academic report ... “To date, Apple have responded only with silence (we sent three emails to Apple’s director of user privacy, who declined even to acknowledge receipt of an email,” Leith wrote. Since then, Apple has made public statements critical of Leith’s research and insisting privacy and opt-out measures do exist.
"And there’s also a more fundamental issue with this technology. Its euphemistic description as a “crowdsourced” way to recover lost items belies the reality of how these items are tracked. What you won’t find highlighted in the polished marketing statements is the fact that AirTags can only work by tapping into an Apple-operated surveillance network in which millions of us are unwitting participants."
2021: Remember, Apple AirTags and ‘Find My’ app only work because of a vast, largely covert tracking network - elzbardico↗
Apple is a capitalistic company, they are not saints. But part of their business model selling hardware and software is partly based on at least maintaining a minimal level of decency, far above what Google and Facebook practice.
I don't agree with that view point. As both a user of Apple's products and as a worried citizen about privacy rights, to me it looks like Apple is just using a different approach to collect the same user data that Google and Facebook desire. It is just using the hindsight of how Google and Facebook went about it, and the negative PR they faced, to refine both its data collection process and PR strategy to convey they are saints. (It's a classic Apple way - they observe their competitors and their product for a while, before refining it and launching their own).
There is a lot of profit in collecting and monetising user's data - Apple's shareholder will not allow them to leave it on the table. Apple knows that as it was part of the PRISM program and earned a lot of money by supplying the US government it's users data. (Apple also dropped plan for encrypting backups after FBI complained - https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv... ). And on a different note, in the early years, Google too begin it's spying and data collection by convincing its users that it is a "decent" company.
The reason "privacy" is in quotes is that some of us have started seeing through what Apple really means every time they use the word. As the EU's Executive Vice-President Margrethe Vestager has recently said regarding their Apple probe, privacy can't be an excuse to stifle competition.
All was well because nobody was forcing me (the developer) to include anything I didn't want. Users could still use traditional email signup. You are free to choose whom you trust. If your choice is Apple, well, that is your choice
Indeed it is. And I would choose to trust Apple over some nobody on the internet with a seeming chip on their shoulder (seriously, that post is just cringe) over anyone who promoted Facebook and (to a lesser extent, obviously) Google as sign-in methods.
In. A. Heartbeat.
You claim (elsewhere) that you only send responsible-sounding emails, but the level of invective in your screed leads me to disbelieve you. Personally, I think HME seems to have been created exactly to cope with people like you - and I’m failing to see this “hype” you talk about.
HME makes the value of an email address tend to zero, gives me the ability to cut you off without your agreement (and prevents you from selling my email on afterwards), and places all the control in my domain not yours. That’s simply the truth of the matter, and it’s not hype.
I distrust anyone who tries to downplay privacy as important.
I distrust anyone who tries to brand a genuine privacy upgrade as "hype"
And, frankly, signing in (with AppleID or not) doesn't prove a thing one way or another. The OP could be simply harvesting email addresses and selling them off later[+]. (S)he could be upset that HME and SIWA are a threat to that business. Far-fetched ? Sure. More far-fetched than an adult throwing the tantrum on the website ? Not so sure...
Or another option along the same lines. Perhaps OP has another more-public site that (s)he doesn't want to take this stand on for PR reasons, so they're doing it here, and getting "awareness" out there by submitting to places like HN. In that case, sure, there'd be no email abuse on the <don't care about> site...
There's a few other options that are possible. None of these get around the basic premise that privacy on the net is important (at least to me, YMMV) and I don't trust those who decry it.
[+] Tesla does this, for example. All of a sudden, a couple of years after buying power walls, I'm getting emails to Tesla@<my-domain> and texts containing Tesla@<my-domain> to my phone number (which I usually obscure using google-voice) asking if they can give me mortgage offers (for example). Tesla sold my details when I stopped buying expensive stuff from them - this is why I set up a catch-all address, and used <company>@<my-domain> whenever I signed up for stuff. Now I use HME.
It's funny - it always seems those who use "fanboiz" or other collective terms akin, always seem to be projecting...
They don't seem to be able to grasp that maybe there are different viewpoints in this world. Maybe that's even a good thing, and perhaps denigrating entire swathes of people as "fanboiz" says more about the person doing it than about the people they're complaining about.
>I distrust anyone who tries to brand a genuine privacy upgrade as "hype"
I particularly like this Apple fanboi argument - that having a third party (Apple) needlessly involved is somehow more "private" than only just the 2 primary parties being involved.
>I'm a Brit
Well I guess that explains a lot then - you're probably one of those that also voted for brexit, but now completely denies it - right?
Offering Apple as a choice does not remove the customer's ability to use the two biggest names in surveillance capitalism as the "protector" of their privacy.
Agreed, Sign In with Apple is a fantastic feature from a user point of view and I also think twice about signing up for an app which does not support it
Protest is an important form of participation in a democracy, it's not petty at all. Forcing developers to add Apple ID as a sign-in method is the petty thing. The developers have no power unless they unionize in some form which seems absolutely impossible. So it seems to me that it's all a developer can really do to make a statement and I think it's brave.
It is not "petty", it is a way to ensure all users get access to a privacy-conscious method of logging in without giving up your privacy to Google or Facebook.
Being this angry at having to give users the option of better privacy really isn't a great look.
That is definitely not true for every app. There was never any clause in the App Store guidelines that you must provide traditional email signup. At least this way, the social-only apps will be forced to provide you a more privacy-preserving alternative, and for ones that don't use social logins anyway, nothing changes.
Of course, my comment was related to the app of the post Groups specifically
Which used to offer both social sign-up (FB and Google) and a traditional email sign-up option
You probably don't know that in this case, Groups was also forced to include AppleID or risk being removed from the App Store
Removing all social logins from this point to ensure compliance would have definitely affected all users who had originally signed in with FB/Google, way before AppleID ever existed
>Removing all social logins from this point to ensure compliance would have definitely affected all users who had originally signed in with FB/Google, way before AppleID ever existed
Yet it would have been more consistent! What is the point of going to war against Apple while embracing the private-data-broker model at the same time?
Just send a warning e-mail requiring password change because you decided to remove all social login as a protest.
And provide a password reset mechanism for formerly social-login users that haven't defined a password in time.
But Apple is forcing devs to include Apple ID and that's what's wrong here. They could have made it optional. Given how Apple users can be it likely would have ended up being in demand and devs would have included it out of their free will
There is basically no benefit to app developer in including it. It is more work, and you may get only an anonymised address. However, there is massive benefit to actual users.
Apple decided to prioritise users over developers here.
Trust me, I say this as a developer, if there is any indication that I am losing out on users because I don't have Apple ID, I will make sure to add it asap. That is pretty much the reason why I first included FB and Google. I first only had Google, then some people aksed for FB. The natural course would have been that then some other guys ask for Apple and I add it. But Apple decided to abuse its position and force it on us developers
Yes. It is important that more developers stand up to this kind of bullying. Apple needs to respect developers more and, if it wants them to integrate Apple services they should instead offer incentives rather than threats to them. As both a developer and an Apple user, I don't care about Apple ID and so why would I wish to waste my precious time adding features I am not interested in? (I use Apple products but I never use Apple ID anywhere because I believe it weakens my privacy - why would I want to share more personal data with Apple, a company that was part of PRISM and used to sell user data to the government?)
Equally, developers need to respect their users. I don't want to have to have a Facebook or Google account to use your product. Why should I be interested in your app if you force me you use either of those options? They were also involved in PRISM and both have far worse track records with privacy than Apple. More importantly, why should I trust you with PII?
Having your email address boils down to password recovery. For instance, I only ever send 3 types of emails:
1 - Activation email with activation code to ensure the person actually owns the email address (non-OAUTH sign-up)
2 - Password recovery for when they have forgotten their password. Yes, a user doesn't need this with OAUTH but sometimes they will have forgotten that they used OAUTH to start with and need to sign in with email & pss
3 - When push is turned off and someone has messaged you
I don't think this is beyond reasonable but I'm willing to take criticism
The messages sent to the "anonymous" Apple id mail are just forwarded to the user's inbox, aren't they? How is that any different from any other email address.
There is an email origin restriction- that's how they keep devs from selling them, emails can only come from the right domain. That still shouldn't be a problem though.
It isn't. My problem with AppleID is nothing more than that they forced AppleID on me. I would have voluntarily added it otherwise. But now because of this, I really really dislike it to the point that I will refuse to implement it in other platforms where it is not mandatory
And I think Apple's behavior should change so I am making this public
Asking an honest question: if Apple didn’t force this, would you really add this voluntarily?
Because this response tells me you’re willing to compromise your user’s experience because of your personal issues with Apple.
As a user, this does not give me confidence in your decision making.
It’s somewhat understandable to be annoyed, even angry at Apple. But the moment you decide to pass that on to your users is the moment you’ve forgotten the most important humans in this story.
Of course, it’s your right to do what you want, and if that means taking a stance against Apple ranks higher than your user base, I suppose that’s your prerogative.
But that definitely would make me hesitate to use the app.
I don't even hold a grudge against Apple. This is just me trying to make the world a better place. It's in everyone's interest that Apple doesn't gain authority to force us to do things (don't forget, devs also are Apple customers)
On the other hand, I absolutely trust Apple - my relationship with them spans over a decade and countless products/experiences.
I’m happy that they’re forcing devs to offer Apple Sign On as an option when other social logins are also offered. As a user, I trust Apple far more than any 3rd party dev.
I pay a premium to Apple because of their platform and the types of things they enforce.
I want you to understand that as a user, this is exactly what I want Apple to do and I pay extra for it.
But what you're telling me is that your opinion about Apple here supersedes my own wishes/wants/goals as an end-user.
This reads like "I know what's best, despite what Apple users say they want, and I'm going to make the world a better place by ignoring my users and telling them what they want is actually bad for them", despite the fact that this is actually a beneficial feature to users, even if it could be construed as a benefit to Apple as well (arguments can certainly be made).
> It's in everyone's interest that Apple doesn't gain authority to force us to do things
The rulebook to participate in this ecosystem is a mile thick. Why is this the issue that you choose to make a fuss over? There are a a myriad of other rules that are even more heavy handed, that actually are to the detriment of end users to protect Apple's walled-garden.
Picking a feature that arguably makes user's lives better seems tone deaf at best, and actively harmful to a broader message about openness at worst.
The thing is, Apple only 'force' you to add their option if you have an app on the store and offer another form of public federated identity provider. If you don't want to offer Apple as an option, then don't offer anyone else. Look at the context of why they have enforced it. Privacy is hard. The concern is that that the majority identity providers/brokers in use are Facebook and Google. I'll happy listen to the 'competition' argument as it does have a little merit. However, when weighed up against the notion that these two are the only real choice for a significant volume of apps, it is extremely worrisome from a privacy point of view. Neither have a reason to respect end users, or you as a developers privacy because that's how they make money.
Petulance does not become a developer. The last time I saw a tantrum thrown this much was when my kid was 5 and had a major meltdown over a lack of chocolate ice-cream.
He didn't get any ice-cream for a week, a response that taught him meltdowns don't work.
You can judge my post as a tantrum, and I won't even take offense, friend
Now I ask you this: how far are you willing to go to further a good cause? Watching from the sides feels more comfortable, but we are being decimated and doing nothing won't change a thing. We need to act now, or watch our profession/hobby/passion be used to fatten the already morbidly overweight big tech companies
> how far are you willing to go to further a good cause?
But what, exactly is the "good cause" here? Is the good cause to force Apple to stop delivering an experience that we've already established throughout this thread is an experience Apple users want?
There are so many problems and battles to be fought in tech, so much abusive behavior, so many dark patterns. This is not that. If this is the cause you're fighting, I fear you've missed the forest through the trees.
Unless you had something else in mind, in which case I'm genuinely curious.
What is the “good cause” here? You’re just being user hostile and fighting a feature that is highly beneficial for users! If anything, it is Apple that’s fighting a good cause here.
Does something being beneficial for users justify anything?
Enslaving the entire Uber driver or deliveroo poor sod population is arguably beneficial for users. But, is it right? Plenty of jurisdictions have already spoken that these workers have rights. Nobody has made a ruling regarding developers yet
The "iMentality" can't possibly extend to wishing that Apple treats other human beings like **. Can it? If so, we may have gone back in time to even before the 1860s
You're underestimating email. People reuse their email address, so it's not as benign as you think.
Just googling someone's email is a start. But worse actors can find your email on a combolist or figure out what other services you use. Just knowing someone's email is the first step to social engineering a customer service backdoor, for example.
AppleID specifically helps users avoid all this with trivial per-app email address generation, and that's something our tools should have given us a decade ago.
> Having your email address boils down to password recovery. For instance, I only ever send 3 types of emails
I don't care. I don't trust you. I don't trust any of modern devs, I see every other new shiny crap on the internet only as an attempt to extort me of data and/or money (subscription) now. Before Apple introduced that feature I was using email aliases in my Fastmail. Need to register in new service - go to Fastmail, generate an alias for some weird domain they've got, setup filter for it to go to "dodgy" folder and then register.
Now I don't need to do that anymore, Apple automated that for me.
And thank's Apple it also forced guys like you to allow me to use that automation. At least on their platform.
For same reason the only way I buy a subscription is through an in-app-purchase - because I can just to go App Store and cancel it and don't need to deal with people like you. I remember like an year ago I was waiting for a refund for a cancelled subscription and my emails were ignored and the only way to get the attention was to open a dispute in PayPal. Yet another supplier-hostile but consumer-friendly company. Thanks god they exist.
I think some smaller-time devs don't appreciate that if they "win" against Apple and make them significantly loosen restrictions, users' wallets will tighten, especially for small developers and companies that no-one's heard of. Keeping the App Store low-friction, low-risk, and UX consistent, is a huge benefit for those kinds of devs (the ones selling software or subscriptions, anyway).
Yes, developers need to respect users too. But that should be between the developers and the user. If a user asks me to add Apple Id as an option in an app I make, that is something that I would seriously consider as I care about my users. Why should a developer care about something no user has requested but Apple is forcing them to use?
Apple could be considered a genuine neutral arbitrator if it didn't take money from both the developers and its users. What it has done instead is to force itself between the user and the developer, and exploiting both in the name of the users (developers lose money to Apple's extortion, and the money it extorts from the developers is ultimately passed to the user, and thus they end up exploited too).
It doesn't work like that. Users can't ask about options they don't know about.
And even if they do, too many developers couldn't give two shits. Great example is how users overwhelmingly opt-out of tracking when the OS warns them about it (because "developers thinking about users" never even considered not tracking)
The bizarre thing is the ignorance here that this whole thing is a matter of choice! I am glad that there are developers who recognize that they do not have to accept unfair, and even unethical, practices from corporates. And are willing to speak about it and fight it.
Like minded developers are not just fighting Apple, but the whole attempt by "big tech" to move to the business model of exploiting developers by controlling distribution of softwares, and dictating terms that favour them. This ends up harming both developers, as they earn less, and users, as ultimately it the user who ends up paying the share of profits that Apple (and others) extort from the developers.
Nobody is forced to add Apple ID login if they don't have any other social logins. Personally I stick to direct signup but if I were forced to do social login, Sign in with Apple would be my first preference as it's the most privacy-preserving compared to Google, Facebook, Twitter, etc.
I wonder what it would take to "force" me into doing a social login? It would have to be something drastic, like a website that provides me with needed oxygen.
Anything else that would ‘force’ you to Have an Account somewhere, combined with that somewhere happening to outsource their identity framework to “social” of any kind. Or: the same things that would ‘force’ you to have a social network account to start with, potentially.
To get on my hobbyhorse some: what about a platform that your employer uses to distribute relevant documents and updates which you need for your job, which has become sufficiently well-known and implicitly available that hesitating about the dependency is perceived as bizarre?
Note that the response of “don't deal with them then” runs into market information and churn amplification¹ issues when it is a social assumption that picking up a ‘tool’ (which is actually a relationship with a third party, but where this is close to invisible in the steady state) is essentially a free action which requires no consideration, because the information about “does this employer require me to use this tool” neither propagates efficiently nor stays stable.
Past source: wound up changing the email address on one of my Google accounts recently for exactly that reason. They actually asked me up-front whether I had a GMail account they could use instead, which turned out to be because they use restricted Google Docs for critical material. Not naming them, but in a broad sense, this is one of the more ethical companies I've ever dealt with, by the way.
Future source: I should probably be considering digging into LinkedIn soon despite their past abusive behaviors, because as it turns out, if I want to dig myself out of this hole…
¹ I assume there's a ‘real’ term for what I'm thinking of, but I don't know what it is, so I cobbled that one together out of the most relevant-seeming bits.
Apple is extremely restrictive to developers. As a developer, I hate it. As a consumer, I love it.
Apple has never shown me hostility. On the contrary, I found Apple to offer reasons why they do things and how to work around them. Have they sometimes forced me to do things I don't want (and felt were worse)? Yes. But it was obvious what I needed to do to comply.
For example, this whole forcing devs to use "sign in with Apple" is not about imposing restrictions as you can decide to not use a third party sign in (on a new app).
Apple is saying "hey if your users can sign in with Facebook they should be able to sign in with Apple, we want a piece of the pie". Some iOS users are happy about the privacy aspect of this but fundamentally (IMO) this is not about privacy or restrictions, it's about making users and devs more dependent on the Apple ecosystem.
What's the "pie"? FB makes money off their data. Apple seems to be providing me the service I paid for.
If they made it optional, a large percentage of apps would force you to use Google/FB to login. That's not acceptable to me.
One of the major reasons I give Apple money is to because they can stand up against the privacy invading FB/Google and I, as an individual, cannot. So they are very much doing what I want in this instance.
If a dev uses a Facebook login on an app then it will never be able to remove it again as users won't be able to log in. Similarly, if it uses Facebook comments, these cannot be removed from a website as the content would be lost.
Apple does the same thing. As a dev once you open the door to using Apple you're forever stuck with that. As a user, it entrenches you further into the Apple ecosystem which is ultimately the whole Apple product strategy.
I don't really think lock in is Apple's primary goal. I think they are opposed to Google/FB spying on us, and therefore there has to be an alternative. You don't have to implement Apple SSO, you just cannot use any other SSO without adding it as an alternative.
Again, the point that you as a developer are missing is that your behavior is atleast as, if not more abusive towards your end user than Apple are being. Why should your user have to use an anti-privacy 3rd party like Facebook to use your app or service? Where is the users choice other than to not use your product?
I have to be honest here and say that I amazed, but sadly not surprised by the level of entitlement on display from a very small but extremely vocal set of developers.
I'm the opposite.
I NEVER use a third party login, my it be Apple, Google, Facebook or whatnot.
If your website/app doesn't offer their own independent login, I don't even think once whether I really need it.
I use them as a developer to offer it to users, not Apple though and not for apps.
But I wouldn't want any of those companies know which services I use. I am fine with using Auth0 or other third party providers, but only if I have to.
You don't even need to verify the mail in my cases, you could even use a completely fictious one. Clean, easy, anonymous.
Not really sure about smartphone hell, but most identity providers offer up the mail of the user anyway. Maybe that is different in phoneland though.
I think preferring to use the website/app's own login makes initial sense, but distributing your personal information around opens you up to more opportunities to get tracked/pwned/leaked/whatever.
I used to prioritize the domain's own login, but now I'm starting to mix in some logins with Apple... I just prefer to have _less_ people have my personally identifiable information.
Agreed. I find the mere sight of the Facebook or Google logo off-putting and resent the implication that it is a higher-priority login mechanism than email, a sort of act of fealty of the app/web developer to the big platform middlemen.
I run my own mail server so it's easy for me to implement vendor-specific email addresses that cannot be correlated with other vendors', but more and more companies are offering that as a service nowadays, DuckDuckGo most recently:
Agreed, it screams two things to me. First that the company is supremely interested in collecting my personal information beyond what I would normally expect to provide. Second that they’re just too lazy to implement their own user system.
You clearly don't understand how social logins work, nor their benefits for users and site owners. Both of your assertions are wrong, and both "bad" things are exactly the opposite.
You don't get anything beyond what you ask for AND are granted access to by the user.
FB login gives email and name AFAIK, but you can ask for lots of other stuff and be denied. Google defaults to email, not sure about name, and has separate requests and grants for any additional information. They don't have nearly as much of a profile as FB does, but can give address and some other details. Apparently Apple doesn't even provide a real email, so that seems even better for "collecting [your] personal information" than using... your personal email address!
Social login is much better than storing passwords in any form (plaintext, encrypted, hashed), and gives both the user and site owner the benefit of FAANG security.
To the average user, social login is about convenience. I see a large number of responses in this thread that seem to have forgotten about the most important person in this whole conversation: the end-user.
Users want
- Easy access
- A familiar experience
- A consistent experience
- To avoid more passwords
They generally are not aware of the privacy tradeoffs they're making by using social login.
I'd argue that if the developer truly wants to fight the good fight, they should remove social login altogether.
I find it odd that the options they support willingly are the options that are most user-hostile from a privacy perspective while the option they begrudgingly support (while making a big fuss about it) is the one option that actually tries to protect the user.
No, not at all petty. Kudos to the developer for standing up to the bullies that Apple and Google (and other tech companies) often are. Apple really needs to be reminded harshly that it is the developers that add value to their platform. And to share another perspective, I never use login from another service as it means you are sharing more data with them, and you become hostage to their whims and fancies they call their "terms and conditions". So if one day they don't like the app / service you have been using for whatever reason, they can bar you from logging into it without giving you any choice for it.
Apple is the most petty entity that I have to deal with on a regular basis. They refuse to automatically capitalize the words Linux or Windows but they'll practically force you to capitalize the phrase "app store" even though they don't have a real trademark on it. They'll try to change your vocabulary from "installing" to "side loading" just to protect their business model. They'll reject your app for looking too different. They're so petty that I think there's probably another word that I should be using to describe the level of pettiness that they've reached. Machiavellian perhaps.
The autocorrect dictionary contains the name of every app on your device. It’ll learn Linux organically eventually, maybe Windows depending on how much home improvement you do….
Before apple introduced apple id, there was a annoying tendency of applications offering only third-party authentication from either google or facebook.
Compared to Google or Facebook, Apple is definitely the lesser evil and an acceptable compromise between trusting Google or Facebook and the inconvenience of creating a login for every app.
Forcing the implementation of Apple ID on applications that use other providers is actually increasing customer choice for me.
As someone who owns multiple Apple devices and is generally pretty happy with their hardware and services, I agree. I wish there was at least a third option, if not more competition in this space.
RIP Windows Phone, WebOS, Meego, Firefox OS, et al
FfOS would have been a great alternative. I kinda still hope that a similar software setup (boot to browser, sandbox all the things to there) will one day be flashable to any generic handheld device, like older Android phones or the Pinephone.
In fact I use it daily in my 3310, buttons and all, as a replacement for my <model forgotten> FFOs phone from a few years back.
From that experience I can tell you it has nothing in common from the user point of view.
Actually Windows Phone was pretty much killed by Microsoft's lack of marketing, developer incentives and general incompetence, the OSes (7 and 8 mainly, 10 was weird) were incredibly smooth, fast and well designed. For a short while (in between most popular apps gaining WP support and then dropping it) it was IMO the best mobile experience available. You could get a dirt-cheap low-end phone like the Lumia 520 and it just worked. Then there were the AMOLED Lumias (Windows Phone was almost all black!), good cameras, the future looked really promising. Well. Good times were had.
Never forget how MS decided to prop up their WP app store numbers by running classes that ended up in the projects being submitted (and approved) to the store.
The amount of utter shit in the WP store was astounding. It was like if every single 0 star GitHub project had been submitted to a store for everyone to download.
My father wanted a smartphone but didn't want to pay Apple premiums, so I told him to get a Windows Phone because they guaranteed software updates, unlike Android's dismal situation.
He was very happy with it, then it was EOL-ed and WhatsApp stopped working on it (I consider that a feature, not a bug, but for some odd reason he disagrees). So I set him up with a LineageOS Pocophone F1. He still misses the simplicity of the Windows Phone UI, though.
I don't remember any WP8 phones actually being a good experience. The high end Lumias had good cameras...once the camera app eventually launched. The low end Lumias were absolutely terrible in every respect. They were dirt cheap because they were garbage. The App Store was a joke and what little software it had was awful.
The Metro/Modern/Whatever UI looked good in screen shots. In actual use the tiles just ate up a lot of screen real estate and rarely refreshed their content when expected. The UI inside apps was equally brain dead with touch elements often lacking borders. So you'd have to hope you aimed your finger perfectly on an icon. Because the UI could become unresponsive for unexpected reasons, especially on garbage phones, even if you hit an element it wasn't clear if the app was actually responding.
Windows Phone 8 and up was a dumpster fire. The highest end phones were just okay and didn't really hold a candle to the Apple and Android flagships of the time.
And they trashed themselves. Microsoft was late to the party, but Windows Phone 7 was genuinely innovative and good. Unfortunately, when WP7 started to get some traction, they reset the entire ecosystem with Windows Phone 8, which could not be installed on existing Windows Phone devices. And Windows Phone 8 applications could not be installed on Windows Phone 7.
That is still one of the most mind boggling decisions I've seen. You launch a new smartphone platform to compete with two rivals that already have a head start, and then you intentionally wipe away all your progress so you can start even further behind again. Any interest in it evaporated overnight
Competition is no longer possible these days, as banks, towns, etc. start to require an _unrooted_ Android/iOS device for basic operations (e.g. authorization of credit card operations, paying taxes and fines, COVID stuff, etc.).
At least here in Germany, there are many banks that work fine on rooted devices. And outside of banking and Google Pay, I haven’t seen anything that won’t work on rooted devices.
Up until a couple weeks ago, my French bank's program worked on rooted devices. No longer. Same thing happened with my previous bank a year or so ago. They removed SMS 2FA as an alternative at the same time.
Agreed. I tried to get a hardware-based TAN generator from my bank because that's the official alternative, but they indicated as long as I don't do 10k transactions a day I "don't need one". But I did need one, lacking an up-to-date smartphone and a Windows/Mac PC.
They were also baffled that I wanted more than 5 digits as login PIN (without username) for the banking app.
There are lots of open mobile distros. I'd say postmarketOS is the best option for installing on random devices. Or for devices with preinstalled OSes, PinePhone or Librem 5.
On the contrary. Starting from the release of the original iPhone SDK in 2008, developers gained more capabilities and app entitlements than they lost.
I wouldn't obsess over the design of Apple's "Sign up with Apple" button, if the default darkmode just applies an inverted filter (inverting Google's and Facebook's logo in addition to the UI), and paddings and margins are all over the place.
Someone else was complaining about Apple rejecting their app, over the Sign In With Apple feature. They cast it as “kafkaesque.”
They showed a screengrab of their app, and they had altered the design of the button, by filling it with gray (I agree that Apple’s choices are fugly). The writer couldn’t understand why Apple kept rejecting their app, and Apple’s rejection reason was not helpful at all (we often need to read tea leaves to figure out why our apps were rejected. It’s because they have a limited selection of canned responses).
Recoloring a branding element will definitely trigger a rejection. The Apple Brand is the most valuable brand in the world, and they won’t brook having it reinterpreted. No corporation would allow this, if they had a choice.
I remember Facebook doing the same if you wanted their stuff on your website. You can't make the Facebook button the same color as all of your other buttons.
The rejection reason was that the option did not exist. It was the very first option. Calling that Kafkaesque is fine, and there is no reason for you to act so smug.
I'm not smug. I'm battle-scarred. I'll lay odds that I've had a lot more rejections than you have, and probably gotten a lot more pissed off at Apple.
Being an experienced Apple developer (since 1986), means that I have been incandescent with rage at Apple -many times. All of us have. Apple can be a real pain to work with.
I still develop for Apple, but I am not a "fanboi."
BTW: The rejection reason says that, because it's canned. It covers a lot of areas. I have received many such vaguely-worded rejections, and had to figure out why they bounced the app. In a couple of cases, I have been able to get people on the horn (PROTIP: Don't be calling them "smug," and be polite, even though you want to throttle them), where they have explained the issue.
[EDIT]: Also, branding is something that a lot of geeks don't understand, but it is very important (and valuable). Many of the seemingly insane moves by Apple are because they are building and/or protecting their brand. That "smugness" is actually a deliberate part of their brand. I don't think that it's a good idea for their fans to reflect it.
In terms of branding, a corrupted branding element is exactly the same as no branding element (except it's legally actionable).
Speaking of which, did anyone see this week's John Oliver show? I get the feeling that HBO is a bit peeved with Disney.
> In a couple of cases, I have been able to get people on the horn (PROTIP: Don't be calling them "smug," and be polite, even though you want to throttle them), where they have explained the issue.
> That "smugness" is actually a deliberate part of their brand.
I wasn't calling Apple smug, though?
I was calling your comment smug, because of 1. implying it's unreasonable to say "kafkaesque" despite Apple setting up a system where you need to "read tea leaves" instead of believing what they tell you, and 2. phrasing it as that they "couldn't understand" the problem.
Your advice, as far as saying they use canned messages that merely resemble the actual problem, is very useful. But don't be mean to someone that doesn't know that. It's a major failing on Apple's part.
Then I'd gently suggest doing a bit of research on what type of person I am, before immediately assuming that I am being mean. I'm a pretty decent chap.
I understand that you are one of the most senior members of this community, and I certainly appreciate the work that y'all have done, trying to keep this from turning into an ugly community.
I really (truly) appreciate the decorum here, and sincerely do my best to respect that. It is my goal to be a positive, contributing member here. I may be mistaken, but I do believe that I have some contributions to make, here.
I may come across as a stuffy old fart, but that is a deliberate departure from my earlier days, when I was ... not that way.
While the grudge against Apple is real and has been discussed time and time again, the revenge described here is a joke: no-one will seriously use a web version when an app is available, the experience is really not as good, the findability is not there and for many apps device-features will be missing.
When given the possibility, I always use the web version over a native app. I do not want to install as few software as possible on my device, and (at least for the time being) the security model of the browser is well-known and customizable (to an extent).
I used to agree with this. That was before I developed the web version and was able to compare real performance. Web (WASM) beats both Android and iOS native apps. Only downside is initial data transfer (1.2MB). A bit funny since the iOS app is 20MB and the Android one is 5MB
This seems a bit trashy and tone deaf. Apple does have plenty of problems, and shouldn't be as rich as it is, but that doesn't justify ignoring the legitimate complaints that lead to apple's work to hide email addresses and personal information from vendors.
I might want to use app Foo, I might even want to have an account on app Foo for syncing purposes, but that doesn't mean I want marketing emails, and spam, and all sorts of other crap from the makers of app Foo.
Or, just as often, anyone that has picked up my address from lists originally obtained via a hack of some sort because one of those entities has had lax security.
This isn't cleverly anti-Apple, it's just petty. I have plenty a gripe against some things Apple does, but the piece here makes a net zero good points.
It is hilarious how for a site which is populated by "educated" and "experienced" people, when the subject becomes Apple and how they are not perfect, the very same ones become a herd where they protect their shepherd.
I would be most happy if Apple was the only one out of Big Tech to get regulated.
Let them have their Microsoft moment, and for the wolf to lose it's fangs.
I'm usually exposing my email address while using Apple ID. When I'm logging from non Apple devices I want to be able to log using Facebook or Google and recover my account for this very reason.
The author's revenge seems to be against his users who opted to used Sign In with Apple. Since they will be the one suffering because they trusted to use the particular app.
I can find merit in complaining about apple's restriction in accessing payments. But SignIn with Apple, as a user I will always opt for that given my email won't be available with a third party forever for them to spam or sell.
I have integrated SignIn with Apple both in an app and backend. I never felt it was particularly difficult or under-documented.
Apple forced Groups to choose between having AppleID, or losing Sign in with Google/FB. That would have been equally bad for existing users who had chosen Google/FB before Apple ID was even a thing. Perhaps Groups would have happily adopted Apple ID if it hadn't been forced on it
At the end of the day Groups is a passion project. So it can be used to contribute to a world where developers aren't taken for granted
Apple ID was buggy as hell when it first came out.
Apple users will have to understand that Apple's policies can have an impact in what they get from developers. Apple only cares about $ and PR, wish it weren't this way
From your post I get that you don’t particularly care about the users who use you it app as you are not offering any way to transition users.
I think apple cares about their users and platform, they just care about your passion project and I can understand how that triggers you. But the users belong to the apple ecosystem. You are essentially a guest there and more importantly the user has a choice to privacy. Most of my friends buy iPhone because of ApplePay, Sign in, and now throwaway emails. Apple just caters to them and forces all developers to respect that.
As an engineer I never experienced any issues when integrating with Sign in. I’ve used it in 3 apps already in the past 2 years. There was also a very long grace period.
More like a prisoner, rather. As an Apple user, I would like to be treated as the owner of a device I have paid for - not like a "guest" or as a "prisoner".
I do care about my users. That's pretty much all I think of all day. Send me a support request? You will have my undivided attention, for free!
But please tell me, how else can I push back on Apple's bad behavior? In war, there are collateral victims. And I, a dude who's almost a nobody, is willing to take on Apple by any means necessary when they do this kind of stuff
Respect is earned, and it is high time Apple learns to respect developers. We should all be doing this kind of thing. I'd go as far as supporting a general app strike where services become unavailable. That's pretty much how workers have gained any rights and we desperately need rights
If you think that random deflection and taunting is going to distract me, or anyone else here, from the fact that you failed to support your argument, you are mistaken.
From what I've seen and experienced that is not true. Apple support is great and help me always, Apple store is great and I always get treated nicely. So I guess they care about me and my experience which translates into the platform they have built for ME - the user. I doubt they built a platform for the sake of building something.
As for Apple owning the user - elaborate pls. I don't see how they try to even own me. I made an educated decision to use that software and hardware BECAUSE of things like ApplePay, SignIn, App Store, etc.
You have to clear your mind, the don't care about you, they care about your money only. This is why they want you to be captive but they pretend that it is for your own good. And you buy it...
A trillion dollar publicly traded company sure care about money and PR.
I understand being a developer who does a passion project or an app. But I can't buy into, Apple forcing any developer to make a decision in a very short term.
Almost all new guidelines comes with a 3 months interval before being enforced. And most times the deadlines get extended https://developer.apple.com/news/?id=03262020b
Apple waits a year or more before removing the Apps that don't follow a newly enforced guideline. The restriction is a problem with app submissions that comes in after a deadline
I am fucking happy that apple didn't allow you to force the choice between Google/Facebook or annoying account creating down the throats of your users.
That's exactly the reason I pay more for apple hardware: UX consistency.
If I didn't want it, I would be saving money using android and windows for equivalent hardware.
Yeah, shame on Apple for protecting their user’s privacy. So evil of them to not allow 3rd party developers to harvest user’s e-mail addresses for no reason whatsoever.
At the end of the day you've made your choice. You believe the reason Apple does this is to protect your privacy. You can't see that they want to close you in and make sure they are the only contact you ever have with anyone. This is to get your $. You're in fact paying a premium because they artificially inflate the price of every software you buy (think fees)
I don't "harvest" (fancy word) emails for anything other than basic password recovery, but just so you know, spam filters are pretty good these days
You can keep trumpeting this, but as long as Sign in With Apple still works for password recovery (it does), then this is a straw man.
I don’t know you personally. Maybe you had a bad day, maybe you were still pissed about Google removing your app (wonder what that was about), maybe you just really love email addresses.
I don’t know why you did this, but your choice to punish apple users, to mislead them with that pop-up (it implies that it can’t be done, not that you chose not to implement 5 lines of code for personal reasons), and then chose to write a completely tone-deaf blog post about it, all tell me you are likely one of those devs I can’t trust. So I won’t.
Wow. What an ideologically loaded article. I distrust right away anyone who writes like this. You just lack any credibility to build a structured and constructive discourse.
The tech community has loved operating system flamewars since at least the usenet days. This blog post serves as pretty good bait to draw in contestants so I assume that people wanting to engage have upvoted it.
> The best way to convince Apple prisoners is to tell them what they need. Trust must only belong to Apple. Give them your money, your will, your worship, your everything. Apple will keep you safe
> Perhaps Apple customers deserve the luxury of "choice" (between different Apple devices, of course)
I don't understand the tone. Do these people actually not understand that different people have different preferences and priorities? Or is it a pose of some kind? I mean, it's 2021, Apple has been on fire pretty much continuously since 2007, they're making a killing everywhere they go and they're, as we speak, pulling off the biggest and smoothest on-the-fly architecture transition ever.
Is it still not clear to some people that Apple users genuinely enjoy using Apple devices and that the company clearly does something right?
Your second quote conveniently chops out the main point of the article, which is that Apple abuse their dominance to force developers into having no choice.
Because dev experience isn't what my post was about. I don't agree with some of the ways Apple treats developers, but I mostly agree with how they treat users and I genuinely like (MacBook) or at least understand and respect (iPhone) their products.
What happens when Apple stops being on fire, and you are trapped in their ecosystem and can't get out? I won't argue that Apple makes the nicest and most comfortable golden cuffs, but in the end they're still chains.
> What happens when Apple stops being on fire, and you are trapped in their ecosystem and can't get out? I won't argue that Apple makes the nicest and most comfortable golden cuffs, but in the end they're still chains.
What are the options in the smartphone landscape? Please elaborate in a way that my elderly mother could use without 24h tech support from family members.
Android? And have instead of golden handcuffs a straight-out chain to serve the ads landlord? Yeah there's only a "choice" between the comfortable golden cuff of Apple and the being actively exploited by google. I know what to choose.
Obs. For anyone suggesting giving a de-googled lineage phone to my mother, just, please, don't.
> For anyone suggesting giving a de-googled lineage phone to anybody who isn’t a technologist or doesn’t have days and days to spend tweaking a poorly-supported-outside-certain-jurisdictions device, just, please, don't.
ftfy. I get a bit fed up with seeing these things promoted. I’m from New Zealand, not the US or Europe. Where do I get one? Who fixes it when it buggers up? Why does it cost so dang much? Why is it such a slow piece of crap compared to my iPhone 11? etc.
You are the one to judge what’s right for you. Now your grandmother would probably be fine with a Pixel phone, you are the one opposing it on principle. Same as how Chromebooks work well if basic tasks are your bread and butter.
To me Apple stopped being on fire for a while now, in particular as we switched from broken keyboard laptops to wonderful ARM laptops only available in small sizes with 2 usb ports. Also on principle Apple barring third party browser engines and game streaming are two huge no-go, in continuation to the selective ban on interpreted code which almost kills the editor ecosystem. Those handcuffs are not that golden, really.
I think I could easily pull all my data out. Files are, well, files; contacts and calendars can be exported in standard formats; photos are stored as JPEG or raw; music is MPEG-4; e-books are epubs; whatever.
Sure, I'll lose some features, but that's because other platforms don't offer those features, not because Apple is heinously putting extra effort into locking up my data.
Not sure actually, I realised I have never bought a book from Apple. The books I have in Apple Books are all epubs though. So, the program can deal with that format, but not sure what format purchased books have.
That's an easy one. To answer your question you need to do to things.
- Try to export your photos from Google Photos
- Try to export you photos from Apple Photos
Let us compare those two, shall we?
Google Photos:
- stored in cloud
- no _synchronisation option_
- export exists but you loose metadata unless if you do it through API so third-party sync is not possible as well
Options to get your data back:
- Manually select all the photos in web ui and click download.
- Use google takeout option.
Apple Photos:
- Synchronisation. Go to settings and click checkbox "download everything to this Mac". Same for iPhone. Offline ready, your data is on your device.
- Export - just go menu and click "Export originals". It will conveniently organise your photos into files and folders. No internet connection required because the data _is already on your computer under your control_.
So, to answer your question. If Apple stops being on fire, I export my data in a single click and move it somewhere else if there's any option. But it will be sad day because I'm afraid that there will be no option, besides Apple the market is filled with liquid shit that treats users as cattle.
P.S.
The example of photos works for everything else - my music library is synchronised and downloaded locally on multiple machines. If you've got Apple Music subscription you can drop anything in there and it'll upload it. Basically dropbox with UI of iTunes and Spotify on a side.
Same for iCloud Drive - it is downloaded locally.
Heck, everything is downloaded locally, stored on my Macs and backed up with time machine. My data is under _my_ control when I go with Apple.
If Apple is perfectly happy with other sign on, then privacy is certainly off the table. Otherwise, they wouldn't allow apps in their store offering any other sign on (extreme analogy would be apps with virus in it). Then why force developers to add Apple sign on even they don't want to, instead of just encouraging? They can easily do so by telling developers that "apps with no Apple sign on are allowed, but are placed low priority queue so the review process will take longer".
It is pretty standard "embrace, extend, and extinguish" strategy. Similar to what's happening in the browser market. They are waiting for majority of the apps to have their sign on and majority of users use Apple sign on, then update the policy to disallow other methods.
I mean I don't have any issue of Apple doing these in their own ecosystem, but at least don't be so hypocritical or naive when defending them.
They are using their app store monopoly to gain a foothold in the single sign-on business. You could try to claim that there's no business there but look at how Microsoft got spanked for giving away a free browser. Now the Apple has over half the phones in the United States, I'm looking forward to them getting spanked very soon hopefully.
Oh? Microsoft got in trouble for using the Windows monopoly to 1.) gain market share for their free browser and 2.) forcing OEMs to not sell alternative operating systems so they could keep their Windows monopoly. You can read all about that here [0]
That's exactly the kind of behavior that Apple is exhibiting here.
It's pretty easy to come along and say that I'm "ignoring the basic facts of the case" though without presenting any facts of your own to back that up. So let's hear your take now.
They got in trouble for lock in. Their integration of Internet Explorer practically made out the de facto implementation and made Windows the de facto operating system on machines.
But again, Sign In with Apple sits in addition to the other offerings, it doesn’t replace them, and in no case are developers expected to be unable to offer regular sign in with email.
To my mind, you’re not wrong, but making a rather different argument.
> Why then should Apple have monopoly on harvesting emails?
They don't, and aren't trying to. They are trying to disrupt the Google/Facebook duopoly in the SSO space. Devs are free to require new accounts that they have the email for, just not outsource it to FB/Google.
the rule seems somewhat orthogonal to developers getting emails. Developers can still request login by the old school email-and-password with (or without) sign-up verification by email. On the other hand, some third-party logins don't give developers their users' contact information (just a token to verify that they're on their platform with no authentication permissions, or a dev can request that this be so else the third-party will inform the user that the dev is requesting their contact info).
I don’t see the abuse here. Sign In with Apple is only required if you already support Facebook or Google or another third-party social sign in. If you support only email and password, that’s fine. If you do support social sign in, presumably you do so because then you don’t have to worry about passwords and stuff. Well, this is exactly the same. I don’t see why it makes a difference.
The abuse is that Facebook won't refuse updates to your customers' devices if you choose not to opt into their SSO, but Apple most certainly will.
The problem is not the social sign in aspect, but that fact Apple forces you to implement it if you use their competitors' service.
Had Sign in with Apple not been mandatory, but merely something customers would ask developers for, then I'd consider the framework to be fair game. This simply isn't that.
I would have agreed with you if Apple had <10% of the market share they enjoy today. The reliance society and businesses have on smartphone apps combined with Apple's closing off of APIs, their market share, and their anti-competitive behavior, make things like this extra problematic in ways they wouldn't be under freer market conditions for users and developers.
> they're, as we speak, pulling off the biggest and smoothest on-the-fly architecture transition ever.
I think Microsoft's architecture transitions between OSes were far smoother, in terms of ensuring backwards compatibility and giving developers far more advance notice. Of course, they stayed within the same chip family (well, except increasing the N in N-bit), so it was a smaller transition, but it worked well.
The author is writing as if the two players in the game are developers and Apple; but there are three players in the game: developers, users, and Apple. Most of the readers of this piece are users, because developers are users just as much as they're developers.
Privacy-preserving federated login options are a good thing. Knowing that the app, which may or may not have security or data protection, has less access to my information is good. I don't necessarily like Facebook, Google, or Apple having access to my information, but if they're the only ones, it's still better than having the app developer have it. Moreover, Apple's login is presented to the user as a user-positive feature: I can obfuscate my personal information conveniently. I like that.
If an app didn't have federated login, I'd make a judgment call about whether or not I want to create an account. Maybe I would, maybe I wouldn't. But if it does have a federated login option, I'd like them to support a variety of options, including Apple.
I'm not sure Apple should mandate it in the way they do, I can appreciate that the developer feels strongarmed... in the same way that I'm sure credit card processors engage in shady strongarming behavior of retailers. But I'd still rather go to stores that take credit in addition to (or instead of) cash, and I don't find it noble that the developer is writing that being forced to do something that his users would benefit from is bad for him.
I then read the second post the author wrote about getting his app removed from the Play store for not including a link to the privacy policy and it kinda comes off the same way. I don't necessarily like Google arbitrarily removing stuff with no notice, but I do like that Google has decided that a privacy policy should be a requirement of an app, and I sort of resent the guy complaining that he shouldn't have to follow that rule, which benefits me. He characterizes this as a "bad experience for users". I don't really agree.
I agree with pretty much everything you said. My only concern is that by forcing devs to support Apple ID, Apple has effectively eliminated all incentive they have to make it a compelling experience for users and developers. Whatever Apple decides to do with Apple ID from here, everyone else just has to deal with it.
I really like the idea that an SSO can also server as the single point of trust for personal information like an email address. I just wish Apple let that feature speak for itself. I wish they put in the effort to make Apple ID a popular auth solution because both devs and users actually want it - not because they're forced to have it.
There appear to be multiple threads to the backstory explaining some of the bitterness that the developer is clearly feeling, and I can understand the frustration at the ever-changing table stakes required to get a seat at the mobile app table, but this is an appalling attitude to what is an entirely valid and useful privacy feature.
But it isn't a privacy feature. A privacy feature would be to create an account with a password without mail validation.
I you use Apple ID, Apple gets the info which services you are using. The service might request additional infos about your person. Most people will always confirm that in reality. This way many services will end up with more user information. Many people will just share everything but might think about it if they needed to provide this info manually.
It is maybe a privacy feature because Apple might be better than Google or Facebook. Well...
Privacy , like security , has its own “threat models” and compromises depending on who you’re trying to get privacy from. So this is absolutely a privacy feature and it astonishes me that amount of people who don’t get this and try a No True Scotsman.
My mail provider would need to parse my mails to get info about what services I use. Identity providers have those apps registered and grand token for specific services. They know exactly when a user is logging to specific services. This data doesn't even need to be evaluated further, Apple would have a neat list about the services you use.
Still, the usual mail registration offers more flexibility and gives the user more control. So, email registration is a privacy feature if you argue like this.
Security wise it is a decent solution, but also a single point of failure. It is hard to argue this to be a privacy feature. It is only one if you trust Apple more than the other services and different forms of auth isn't possible.
I had to integrate apple sign-in and it was pretty straightforward implementation. I don’t know what’s so difficult and why the author has opted to create a sub par experience for the users of his product…
Revenge against Apple users, not Apple. Apple users who are also users of his product.
If he actually wants to help users, he can let users click through via Apple login on his site, then ask those users to also authenticate via one of the other methods (e-mail, Google or Facebook) and link the two. That way, he would be able to let his users still log in to their accounts via e-mail if Apple tries to shut him down (like Google did temporarily).
I think his focus should be on limiting potential damage to his users, not exacting revenge against large companies.
> So here is my small revenge: I am refusing to port Apple ID to the web version. Apple users who logged into Groups via the app with Apple ID will need to create a second account. Am I hurting myself? Am I shooting myself in the foot? Probably. But this is war
So, help me understand here -- the revenge is punishing their users that signed up with Apple ID? In what way is this revenge against Apple?
470 comments
[ 3.3 ms ] story [ 433 ms ] threadI agree. I only create accounts for things reluctantly. Because 1. Why do you want my email address, or DOB, or whatever else? I don't want your marketing, and 2. I can't be bothered, I downloaded your app because I have something I want to get done.
Because Apple's SSO will not be eternal and nobody wants to have a tier as a proxy on an important account credential.
Apple SSO is ok for throwaway account where your account has no "sentimental value" that you can't recreate easily. But the author of this post maintains a social network : nobody wants to be locked out a social network.
I have active accounts on websites that existed back when Apple was fighting not to die and I would have totally lost access to them if I had to sign-in to them through my Lycos account.
Don’t use apple SSO because apple might not exist one day?
You may as well argue not signup to anything using gmail because, heck, google might go out of business.
There is no benefit to users in giving your “real” details to service providers; the benefit is entirely on their side.
You can argue that Apple is harming the opportunities for 3rd party developers, sure, taking advantage of them? Sure.
…but let’s not try to frame this as somehow “pro consumer” to give your email away so people can spam you with notifications and offers to lift their engagement rates.
That is pure BS.
I assume OP point is that Apple or Google could still exists but your accounts might not exist, maybe you get banned or just decide you don't want to use Apple/Google/FB anymore.
I don't agree with GP's fear of Apple SSO vanishing without a transition period to something else, but the general premise that this form of login is not eternal but rather short lived in the grand scheme of things is reasonable and doesn't warrant your aggressiveness.
Also you might get locked out of your Apple account for a number of reasons and will then lose access to much more than just Apple services.
I fail to see any problem with this.
There might be a day when Apple is not _my_ cell phone platform. Even now I have an Android phone and iPad and I prefer to have access to same services from both.
https://firebase.google.com/docs/auth/android/apple
I personally avoid to do it, but that's not the point.
Every other third party allows account recovery by mail : if you want to stop using FB or Google's SSO, you can ask the website to send you a mail to prove the account ownership.
If Apple's SSO stopped working (because Apple stopped it, banned you, because you dont have Apple devices anymore so you are locked out of their proprietary 2FA), none of those websites could send you a recovery email.
> That is pure BS.
I don't feel like I've been insulting, so please don't be either.
They have SMS as a fallback. I know it's insecure and I'd rather they support TOTP, but let's not pretend having an Apple device is the only way to receive 2FA codes for your Apple ID.
I pretend nothing, I just didn't knew it since I had an iPhone for years.
This line is unwarranted and in violation of HN rules. Be cool.
I learned something today. I didn’t know you could get SMS codes for Apple 2FA.
Yes. And more to the point, because that Apple service may not exist in the future. Or Apple may determine that a particular app or service can no longer use its service for whatever reason, and you as a user will not have any choice in that manner. It's all been done before.
Given an alternative storyline where Epic Games allowed users to create account with relayed apple mails, wouldn't all those accounts suddenly became unusable today ?
https://appleinsider.com/articles/21/04/20/man-sues-apple-fo...
So has Google, and presumably the other platforms as well.
For every service I’ve built allow the user to create an account with email, Google, Microsoft, Apple, Twitter, Facebook and to later untie their account and move to email. Also if they ever get locked out from their oauth account they can use the email to create a password and login via the normal way.
This is exactly my point ! You can't recover your account if you don't know the mail used for registration. Even if you remembered it, no check could be made if Apple stopped to proxy the mails for one or another reason.
With other providers, you could always recover an account because your email address would let you prove the ownership of the account.
https://media.welsh.cc/SIAAsg
This is the problem with one click account vs email entering. It is a risk users should be made aware of but it is still their choice. And for some critical services I'll use my email, for other like the app in question, or most apps on the App Store I'll use one-click install, also most of the time there is no need for me to have an account. Most data can be stored on device without the need for user authentication.
If they are locked out of the oauth account, presumably they can't check their inbox.
edit: Oh, do you mean you ask for an email address after they already flow through the oauth process - because that's the worst of all :)
I agree that in a perfect world you'd provide your real email address and solve this problem. But developers and companies have repeatedly proven themselves to not be trustworthy and the majority will misuse any contact details for spam which users do not want. In fact there wouldn't be a business case (nor appeal to end-users) for Sign in with Apple if this wasn't a real problem.
They may well offer notice and time when they cancel the service in some future.
They won't offer any of that if they happen to erase your account just because though, as has happened to many people.
https://appleinsider.com/articles/21/04/20/man-sues-apple-fo...
Actually, under that logic it's only that you shouldn't use the @gmail.com domain; it should be fine to use Gmail with your own domain, since that allows you to recover if your Google account is canceled (just change the MX to another email provider).
Another thing you can do is to never use your Google account for anything other than email; that should reduce the chances of the account being canceled for no obvious reason. For instance, it's been reported that, if you used your Google account for Youtube, and Google decided your real name was not your real name (which it wanted due to the Google Plus integration with Youtube), your whole Google account could be canceled; that risk could be avoided by just never logging into Youtube with your Google account.
Right, that's why. Don't ever use "sign in with XXX" for any value of XXX, whether apple or google. Any of them can erase you off their site on a whim and you've lost all unrelated accounts where you made the mistake to "sign in with XXX".
Create accounts with your own email, control your future destiny.
Any website offering SSO options would have a sunset period to move it over if a provider went under...and if they don't, they are likely defunct at that point anyways...
The part where the developer puts the word 'privacy' in scare quotes is a bit of a red flag for me. Suggesting that "accept[ing] two "social logins": Google and Facebook. All was well." does not fill me with confidence that the developer respects privacy concerns.
iMessage backed up on iCloud where Apple has key to decrypt.
>“We specifically don’t collect data, even from point A to point B,” notes Cue. “We collect data — when we do it — in an anonymous fashion, in subsections of the whole, so we couldn’t even say that there is a person that went from point A to point B. We’re collecting the segments of it.
The segments that he is referring to are sliced out of any given person’s navigation session. Neither the beginning or the end of any trip is ever transmitted to Apple. Rotating identifiers, not personal information, are assigned to any data or requests sent to Apple and it augments the “ground truth” data provided by its own mapping vehicles with this “probe data” sent back from iPhones.
https://techcrunch.com/2018/06/29/apple-is-rebuilding-maps-f...
Google Maps:
>Google Maps won't let you save home address without allowing all Google tracking
https://news.ycombinator.com/item?id=18070183
and
>An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so.
https://apnews.com/article/north-america-science-technology-...
2011: iPhone's Location-Data Collection Can't Be Turned Off - https://www.wired.com/2011/04/iphone-location-opt-out/
"Your iPhone tracks your location for a variety of reasons. It tracks you to calibrate sensors and to improve services, but also to show you ads."
2019: How to stop your iPhone from tracking your location - https://www.cnbc.com/2019/12/19/your-apple-iphone-tracks-whe...
2019: It’s the middle of the night. Do you know who your iPhone is talking to? - https://www.washingtonpost.com/technology/2019/05/28/its-mid...
"The best way to keep something secret is not to capture and store it in the first place. And that’s the crux of the privacy versus convenience debate now redefining our applications and software-based services ... Yes, maybe what happens on an iPhone stays on an iPhone, but some data should not be captured in the first place. Nothing more so than the significant invasiveness of Apple’s significant locations concept—a perfect illustration of just because you can, doesn’t mean you should. This is a continually building data repository of the locations you visit, along with times and dates, detailed maps, even the mode of transport to get you there and how long it took."
2020: Why You Should Stop This ‘Hidden’ Location Tracking On Your iPhone - https://www.forbes.com/sites/zakdoffman/2020/10/04/apple-iph...
“Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” wrote researcher Douglas Leith from Trinity College in Ireland, in a recently published academic report ... “To date, Apple have responded only with silence (we sent three emails to Apple’s director of user privacy, who declined even to acknowledge receipt of an email,” Leith wrote. Since then, Apple has made public statements critical of Leith’s research and insisting privacy and opt-out measures do exist.
2021: Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out - https://threatpost.com/google-apple-track-mobile-opting-out/...
"And there’s also a more fundamental issue with this technology. Its euphemistic description as a “crowdsourced” way to recover lost items belies the reality of how these items are tracked. What you won’t find highlighted in the polished marketing statements is the fact that AirTags can only work by tapping into an Apple-operated surveillance network in which millions of us are unwitting participants."
2021: Remember, Apple AirTags and ‘Find My’ app only work because of a vast, largely covert tracking network - elzbardico ↗ Apple is a capitalistic company, they are not saints. But part of their business model selling hardware and software is partly based on at least maintaining a minimal level of decency, far above what Google and Facebook practice. webmobdev ↗ I don't agree with that view point. As both a user of Apple's products and as a worried citizen about privacy rights, to me it looks like Apple is just using a different approach to collect the same user data that Google and Facebook desire. It is just using the hindsight of how Google and Facebook went about it, and the negative PR they faced, to refine both its data collection process and PR strategy to convey they are saints. (It's a classic Apple way - they observe their competitors and their product for a while, before refining it and launching their own).
There is a lot of profit in collecting and monetising user's data - Apple's shareholder will not allow them to leave it on the table. Apple knows that as it was part of the PRISM program and earned a lot of money by supplying the US government it's users data. (Apple also dropped plan for encrypting backups after FBI complained - https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv... ). And on a different note, in the early years, Google too begin it's spying and data collection by convincing its users that it is a "decent" company.
https://appleinsider.com/articles/21/07/02/eu-antitrust-head...
All was well because nobody was forcing me (the developer) to include anything I didn't want. Users could still use traditional email signup. You are free to choose whom you trust. If your choice is Apple, well, that is your choice
In. A. Heartbeat.
You claim (elsewhere) that you only send responsible-sounding emails, but the level of invective in your screed leads me to disbelieve you. Personally, I think HME seems to have been created exactly to cope with people like you - and I’m failing to see this “hype” you talk about.
HME makes the value of an email address tend to zero, gives me the ability to cut you off without your agreement (and prevents you from selling my email on afterwards), and places all the control in my domain not yours. That’s simply the truth of the matter, and it’s not hype.
I don't challenge that Apple ID is a good thing. I protest Apple's method of implementation
I distrust anyone who tries to downplay privacy as important.
I distrust anyone who tries to brand a genuine privacy upgrade as "hype"
And, frankly, signing in (with AppleID or not) doesn't prove a thing one way or another. The OP could be simply harvesting email addresses and selling them off later[+]. (S)he could be upset that HME and SIWA are a threat to that business. Far-fetched ? Sure. More far-fetched than an adult throwing the tantrum on the website ? Not so sure...
Or another option along the same lines. Perhaps OP has another more-public site that (s)he doesn't want to take this stand on for PR reasons, so they're doing it here, and getting "awareness" out there by submitting to places like HN. In that case, sure, there'd be no email abuse on the <don't care about> site...
There's a few other options that are possible. None of these get around the basic premise that privacy on the net is important (at least to me, YMMV) and I don't trust those who decry it.
[+] Tesla does this, for example. All of a sudden, a couple of years after buying power walls, I'm getting emails to Tesla@<my-domain> and texts containing Tesla@<my-domain> to my phone number (which I usually obscure using google-voice) asking if they can give me mortgage offers (for example). Tesla sold my details when I stopped buying expensive stuff from them - this is why I set up a catch-all address, and used <company>@<my-domain> whenever I signed up for stuff. Now I use HME.
They don't seem to be able to grasp that maybe there are different viewpoints in this world. Maybe that's even a good thing, and perhaps denigrating entire swathes of people as "fanboiz" says more about the person doing it than about the people they're complaining about.
Just maybe.
You mean like you're doing?
Kettle, meet Pot.
I particularly like this Apple fanboi argument - that having a third party (Apple) needlessly involved is somehow more "private" than only just the 2 primary parties being involved.
>I'm a Brit
Well I guess that explains a lot then - you're probably one of those that also voted for brexit, but now completely denies it - right?
Maybe you're a good developer. And? How many sites on the internet do you think I'll have to trust before it backfires?
> I protest Apple's method of implementation
How else could it have been implemented that would have led to any reasonable adoption rate?
Offering Apple as a choice does not remove the customer's ability to use the two biggest names in surveillance capitalism as the "protector" of their privacy.
Being this angry at having to give users the option of better privacy really isn't a great look.
Which used to offer both social sign-up (FB and Google) and a traditional email sign-up option
You probably don't know that in this case, Groups was also forced to include AppleID or risk being removed from the App Store
Removing all social logins from this point to ensure compliance would have definitely affected all users who had originally signed in with FB/Google, way before AppleID ever existed
Yet it would have been more consistent! What is the point of going to war against Apple while embracing the private-data-broker model at the same time?
Just send a warning e-mail requiring password change because you decided to remove all social login as a protest.
And provide a password reset mechanism for formerly social-login users that haven't defined a password in time.
That would have been a true act of resistance.
Apple decided to prioritise users over developers here.
As a user, I am very satisfied that Apple made this a requirement.
As a developer, I just implemented it without throwing a tantrum.
1 - Activation email with activation code to ensure the person actually owns the email address (non-OAUTH sign-up)
2 - Password recovery for when they have forgotten their password. Yes, a user doesn't need this with OAUTH but sometimes they will have forgotten that they used OAUTH to start with and need to sign in with email & pss
3 - When push is turned off and someone has messaged you
I don't think this is beyond reasonable but I'm willing to take criticism
And I think Apple's behavior should change so I am making this public
Because this response tells me you’re willing to compromise your user’s experience because of your personal issues with Apple.
As a user, this does not give me confidence in your decision making.
It’s somewhat understandable to be annoyed, even angry at Apple. But the moment you decide to pass that on to your users is the moment you’ve forgotten the most important humans in this story.
Of course, it’s your right to do what you want, and if that means taking a stance against Apple ranks higher than your user base, I suppose that’s your prerogative.
But that definitely would make me hesitate to use the app.
I don't even hold a grudge against Apple. This is just me trying to make the world a better place. It's in everyone's interest that Apple doesn't gain authority to force us to do things (don't forget, devs also are Apple customers)
On the other hand, I absolutely trust Apple - my relationship with them spans over a decade and countless products/experiences.
I’m happy that they’re forcing devs to offer Apple Sign On as an option when other social logins are also offered. As a user, I trust Apple far more than any 3rd party dev.
I pay a premium to Apple because of their platform and the types of things they enforce.
I want you to understand that as a user, this is exactly what I want Apple to do and I pay extra for it.
This reads like "I know what's best, despite what Apple users say they want, and I'm going to make the world a better place by ignoring my users and telling them what they want is actually bad for them", despite the fact that this is actually a beneficial feature to users, even if it could be construed as a benefit to Apple as well (arguments can certainly be made).
> It's in everyone's interest that Apple doesn't gain authority to force us to do things
The rulebook to participate in this ecosystem is a mile thick. Why is this the issue that you choose to make a fuss over? There are a a myriad of other rules that are even more heavy handed, that actually are to the detriment of end users to protect Apple's walled-garden.
Picking a feature that arguably makes user's lives better seems tone deaf at best, and actively harmful to a broader message about openness at worst.
Petulance does not become a developer. The last time I saw a tantrum thrown this much was when my kid was 5 and had a major meltdown over a lack of chocolate ice-cream.
He didn't get any ice-cream for a week, a response that taught him meltdowns don't work.
Now I ask you this: how far are you willing to go to further a good cause? Watching from the sides feels more comfortable, but we are being decimated and doing nothing won't change a thing. We need to act now, or watch our profession/hobby/passion be used to fatten the already morbidly overweight big tech companies
But what, exactly is the "good cause" here? Is the good cause to force Apple to stop delivering an experience that we've already established throughout this thread is an experience Apple users want?
There are so many problems and battles to be fought in tech, so much abusive behavior, so many dark patterns. This is not that. If this is the cause you're fighting, I fear you've missed the forest through the trees.
Unless you had something else in mind, in which case I'm genuinely curious.
Enslaving the entire Uber driver or deliveroo poor sod population is arguably beneficial for users. But, is it right? Plenty of jurisdictions have already spoken that these workers have rights. Nobody has made a ruling regarding developers yet
The "iMentality" can't possibly extend to wishing that Apple treats other human beings like **. Can it? If so, we may have gone back in time to even before the 1860s
hobgoblin33@ussr.ru doesn't carry much info.
Just googling someone's email is a start. But worse actors can find your email on a combolist or figure out what other services you use. Just knowing someone's email is the first step to social engineering a customer service backdoor, for example.
AppleID specifically helps users avoid all this with trivial per-app email address generation, and that's something our tools should have given us a decade ago.
I don't care. I don't trust you. I don't trust any of modern devs, I see every other new shiny crap on the internet only as an attempt to extort me of data and/or money (subscription) now. Before Apple introduced that feature I was using email aliases in my Fastmail. Need to register in new service - go to Fastmail, generate an alias for some weird domain they've got, setup filter for it to go to "dodgy" folder and then register.
Now I don't need to do that anymore, Apple automated that for me.
And thank's Apple it also forced guys like you to allow me to use that automation. At least on their platform.
For same reason the only way I buy a subscription is through an in-app-purchase - because I can just to go App Store and cancel it and don't need to deal with people like you. I remember like an year ago I was waiting for a refund for a cancelled subscription and my emails were ignored and the only way to get the attention was to open a dispute in PayPal. Yet another supplier-hostile but consumer-friendly company. Thanks god they exist.
Apple could be considered a genuine neutral arbitrator if it didn't take money from both the developers and its users. What it has done instead is to force itself between the user and the developer, and exploiting both in the name of the users (developers lose money to Apple's extortion, and the money it extorts from the developers is ultimately passed to the user, and thus they end up exploited too).
And even if they do, too many developers couldn't give two shits. Great example is how users overwhelmingly opt-out of tracking when the OS warns them about it (because "developers thinking about users" never even considered not tracking)
Like minded developers are not just fighting Apple, but the whole attempt by "big tech" to move to the business model of exploiting developers by controlling distribution of softwares, and dictating terms that favour them. This ends up harming both developers, as they earn less, and users, as ultimately it the user who ends up paying the share of profits that Apple (and others) extort from the developers.
I wonder what it would take to "force" me into doing a social login? It would have to be something drastic, like a website that provides me with needed oxygen.
To get on my hobbyhorse some: what about a platform that your employer uses to distribute relevant documents and updates which you need for your job, which has become sufficiently well-known and implicitly available that hesitating about the dependency is perceived as bizarre?
Note that the response of “don't deal with them then” runs into market information and churn amplification¹ issues when it is a social assumption that picking up a ‘tool’ (which is actually a relationship with a third party, but where this is close to invisible in the steady state) is essentially a free action which requires no consideration, because the information about “does this employer require me to use this tool” neither propagates efficiently nor stays stable.
Past source: wound up changing the email address on one of my Google accounts recently for exactly that reason. They actually asked me up-front whether I had a GMail account they could use instead, which turned out to be because they use restricted Google Docs for critical material. Not naming them, but in a broad sense, this is one of the more ethical companies I've ever dealt with, by the way.
Future source: I should probably be considering digging into LinkedIn soon despite their past abusive behaviors, because as it turns out, if I want to dig myself out of this hole…
¹ I assume there's a ‘real’ term for what I'm thinking of, but I don't know what it is, so I cobbled that one together out of the most relevant-seeming bits.
Apple has never shown me hostility. On the contrary, I found Apple to offer reasons why they do things and how to work around them. Have they sometimes forced me to do things I don't want (and felt were worse)? Yes. But it was obvious what I needed to do to comply.
Restrictive is not the appropriate word.
For example, this whole forcing devs to use "sign in with Apple" is not about imposing restrictions as you can decide to not use a third party sign in (on a new app).
Apple is saying "hey if your users can sign in with Facebook they should be able to sign in with Apple, we want a piece of the pie". Some iOS users are happy about the privacy aspect of this but fundamentally (IMO) this is not about privacy or restrictions, it's about making users and devs more dependent on the Apple ecosystem.
If they made it optional, a large percentage of apps would force you to use Google/FB to login. That's not acceptable to me.
One of the major reasons I give Apple money is to because they can stand up against the privacy invading FB/Google and I, as an individual, cannot. So they are very much doing what I want in this instance.
It's explained in my previous comment.
Not well enough for me to understand, because I asked what you meant.
Apple does the same thing. As a dev once you open the door to using Apple you're forever stuck with that. As a user, it entrenches you further into the Apple ecosystem which is ultimately the whole Apple product strategy.
I like this result as a user.
I have to be honest here and say that I amazed, but sadly not surprised by the level of entitlement on display from a very small but extremely vocal set of developers.
My behavior? You have no idea what I do. I don't even develop for Apple platforms.
> Why should your user have to use an anti-privacy 3rd party like Facebook to use your app or service?
I would never use anything by Facebook. Not sure where you got that from.
> Where is the users choice other than to not use your product?
That is choice.
> I amazed, but sadly not surprised by the level of entitlement on display from a very small but extremely vocal set of developers
As a dev shouldn't I be able to have control over my application?
But I wouldn't want any of those companies know which services I use. I am fine with using Auth0 or other third party providers, but only if I have to.
You don't even need to verify the mail in my cases, you could even use a completely fictious one. Clean, easy, anonymous.
Not really sure about smartphone hell, but most identity providers offer up the mail of the user anyway. Maybe that is different in phoneland though.
I used to prioritize the domain's own login, but now I'm starting to mix in some logins with Apple... I just prefer to have _less_ people have my personally identifiable information.
I run my own mail server so it's easy for me to implement vendor-specific email addresses that cannot be correlated with other vendors', but more and more companies are offering that as a service nowadays, DuckDuckGo most recently:
https://www.spreadprivacy.com/introducing-email-protection-b...
I do use GitHub federated login, but only for apps like vulnerability scanners that do need OAuth access to my repos.
Neither is a good thing
If I were to write an iOS app, I likely wouldn’t. I don’t trust myself handling that kind of thing securely.
You don't get anything beyond what you ask for AND are granted access to by the user.
FB login gives email and name AFAIK, but you can ask for lots of other stuff and be denied. Google defaults to email, not sure about name, and has separate requests and grants for any additional information. They don't have nearly as much of a profile as FB does, but can give address and some other details. Apparently Apple doesn't even provide a real email, so that seems even better for "collecting [your] personal information" than using... your personal email address!
Social login is much better than storing passwords in any form (plaintext, encrypted, hashed), and gives both the user and site owner the benefit of FAANG security.
Users want
- Easy access
- A familiar experience
- A consistent experience
- To avoid more passwords
They generally are not aware of the privacy tradeoffs they're making by using social login.
I'd argue that if the developer truly wants to fight the good fight, they should remove social login altogether.
I find it odd that the options they support willingly are the options that are most user-hostile from a privacy perspective while the option they begrudgingly support (while making a big fuss about it) is the one option that actually tries to protect the user.
I'm really annoyed Vercel stopped offering email signups.
It’s kinda depressing that there isn’t more choice and competition in the mobile space. Your choices are Android and apple.
RIP Windows Phone, WebOS, Meego, Firefox OS, et al
https://gerda.tech/
It just targets devices your probably don't want to use (as in with physical buttons), so you haven't heard of it.
The amount of utter shit in the WP store was astounding. It was like if every single 0 star GitHub project had been submitted to a store for everyone to download.
He was very happy with it, then it was EOL-ed and WhatsApp stopped working on it (I consider that a feature, not a bug, but for some odd reason he disagrees). So I set him up with a LineageOS Pocophone F1. He still misses the simplicity of the Windows Phone UI, though.
The Metro/Modern/Whatever UI looked good in screen shots. In actual use the tiles just ate up a lot of screen real estate and rarely refreshed their content when expected. The UI inside apps was equally brain dead with touch elements often lacking borders. So you'd have to hope you aimed your finger perfectly on an icon. Because the UI could become unresponsive for unexpected reasons, especially on garbage phones, even if you hit an element it wasn't clear if the app was actually responding.
Windows Phone 8 and up was a dumpster fire. The highest end phones were just okay and didn't really hold a candle to the Apple and Android flagships of the time.
Release a phone platform. Then another, incompatible phone platform that looks and behaves practically identically.
Reminds me of Windows 11. Three different kinds of control panel, two different kinds of context menu, infinite different kinds of window frame.
MS competes with itself!
The rest of your comment, I sadly agree with.
They were also baffled that I wanted more than 5 digits as login PIN (without username) for the banking app.
https://wiki.debian.org/Mobile#Distributions
They showed a screengrab of their app, and they had altered the design of the button, by filling it with gray (I agree that Apple’s choices are fugly). The writer couldn’t understand why Apple kept rejecting their app, and Apple’s rejection reason was not helpful at all (we often need to read tea leaves to figure out why our apps were rejected. It’s because they have a limited selection of canned responses).
Recoloring a branding element will definitely trigger a rejection. The Apple Brand is the most valuable brand in the world, and they won’t brook having it reinterpreted. No corporation would allow this, if they had a choice.
I'm not smug. I'm battle-scarred. I'll lay odds that I've had a lot more rejections than you have, and probably gotten a lot more pissed off at Apple.
Being an experienced Apple developer (since 1986), means that I have been incandescent with rage at Apple -many times. All of us have. Apple can be a real pain to work with.
I still develop for Apple, but I am not a "fanboi."
BTW: The rejection reason says that, because it's canned. It covers a lot of areas. I have received many such vaguely-worded rejections, and had to figure out why they bounced the app. In a couple of cases, I have been able to get people on the horn (PROTIP: Don't be calling them "smug," and be polite, even though you want to throttle them), where they have explained the issue.
[EDIT]: Also, branding is something that a lot of geeks don't understand, but it is very important (and valuable). Many of the seemingly insane moves by Apple are because they are building and/or protecting their brand. That "smugness" is actually a deliberate part of their brand. I don't think that it's a good idea for their fans to reflect it.
In terms of branding, a corrupted branding element is exactly the same as no branding element (except it's legally actionable).
Speaking of which, did anyone see this week's John Oliver show? I get the feeling that HBO is a bit peeved with Disney.
> That "smugness" is actually a deliberate part of their brand.
I wasn't calling Apple smug, though?
I was calling your comment smug, because of 1. implying it's unreasonable to say "kafkaesque" despite Apple setting up a system where you need to "read tea leaves" instead of believing what they tell you, and 2. phrasing it as that they "couldn't understand" the problem.
Your advice, as far as saying they use canned messages that merely resemble the actual problem, is very useful. But don't be mean to someone that doesn't know that. It's a major failing on Apple's part.
I wasn't being mean, and I apologize for a poor choice of words.
I love developing Apple software, and heartily support you in your endeavors. Please consider me an ally.
I sincerely wish you luck, but Apple can definitely be ... interesting to work with.
I understand that you are one of the most senior members of this community, and I certainly appreciate the work that y'all have done, trying to keep this from turning into an ugly community.
I really (truly) appreciate the decorum here, and sincerely do my best to respect that. It is my goal to be a positive, contributing member here. I may be mistaken, but I do believe that I have some contributions to make, here.
I may come across as a stuffy old fart, but that is a deliberate departure from my earlier days, when I was ... not that way.
I haven't used any JS framework other than what's absolutely necessary for running the few WASM components
I might want to use app Foo, I might even want to have an account on app Foo for syncing purposes, but that doesn't mean I want marketing emails, and spam, and all sorts of other crap from the makers of app Foo.
And, more importantly, all sorts of other crap from the companies that Foo decided to disclose your email to.
Or, just as often, anyone that has picked up my address from lists originally obtained via a hack of some sort because one of those entities has had lax security.
Where as the advert for an apple keyboard gets voted right to the top
I would be most happy if Apple was the only one out of Big Tech to get regulated. Let them have their Microsoft moment, and for the wolf to lose it's fangs.
If Apple ran off a cliff, would you?
At the end of the day Groups is a passion project. So it can be used to contribute to a world where developers aren't taken for granted
Apple ID was buggy as hell when it first came out.
Apple users will have to understand that Apple's policies can have an impact in what they get from developers. Apple only cares about $ and PR, wish it weren't this way
I think apple cares about their users and platform, they just care about your passion project and I can understand how that triggers you. But the users belong to the apple ecosystem. You are essentially a guest there and more importantly the user has a choice to privacy. Most of my friends buy iPhone because of ApplePay, Sign in, and now throwaway emails. Apple just caters to them and forces all developers to respect that.
As an engineer I never experienced any issues when integrating with Sign in. I’ve used it in 3 apps already in the past 2 years. There was also a very long grace period.
More like a prisoner, rather. As an Apple user, I would like to be treated as the owner of a device I have paid for - not like a "guest" or as a "prisoner".
GP was referring to developers as guests, I believe, not to users.
But please tell me, how else can I push back on Apple's bad behavior? In war, there are collateral victims. And I, a dude who's almost a nobody, is willing to take on Apple by any means necessary when they do this kind of stuff
Respect is earned, and it is high time Apple learns to respect developers. We should all be doing this kind of thing. I'd go as far as supporting a general app strike where services become unavailable. That's pretty much how workers have gained any rights and we desperately need rights
Please review what "war" means, also.
Users own their Apple devices, Apple does NOT own it's users.
As for Apple owning the user - elaborate pls. I don't see how they try to even own me. I made an educated decision to use that software and hardware BECAUSE of things like ApplePay, SignIn, App Store, etc.
<<apple cares about their users and platform>>
You have to clear your mind, the don't care about you, they care about your money only. This is why they want you to be captive but they pretend that it is for your own good. And you buy it...
I understand being a developer who does a passion project or an app. But I can't buy into, Apple forcing any developer to make a decision in a very short term. Almost all new guidelines comes with a 3 months interval before being enforced. And most times the deadlines get extended https://developer.apple.com/news/?id=03262020b
Apple waits a year or more before removing the Apps that don't follow a newly enforced guideline. The restriction is a problem with app submissions that comes in after a deadline
Will avoid.
At the end of the day you've made your choice. You believe the reason Apple does this is to protect your privacy. You can't see that they want to close you in and make sure they are the only contact you ever have with anyone. This is to get your $. You're in fact paying a premium because they artificially inflate the price of every software you buy (think fees)
I don't "harvest" (fancy word) emails for anything other than basic password recovery, but just so you know, spam filters are pretty good these days
You don’t see that I want to only have to deal with one party. I don’t want 74637728 different logins if I can help it.
I want to not be forced by Apple to add things to my app. I want to add them willingly
You can keep trumpeting this, but as long as Sign in With Apple still works for password recovery (it does), then this is a straw man.
I don’t know you personally. Maybe you had a bad day, maybe you were still pissed about Google removing your app (wonder what that was about), maybe you just really love email addresses.
I don’t know why you did this, but your choice to punish apple users, to mislead them with that pop-up (it implies that it can’t be done, not that you chose not to implement 5 lines of code for personal reasons), and then chose to write a completely tone-deaf blog post about it, all tell me you are likely one of those devs I can’t trust. So I won’t.
I don’t care how upset you are with Fruit Co., you don’t take it out on Fruit Co.’s users. Who does one think one is, Epic?
Instead of yelling angrily at the clouds, maybe focus on copy writing and graphical layout, if you want your product to go further.
> Perhaps Apple customers deserve the luxury of "choice" (between different Apple devices, of course)
I don't understand the tone. Do these people actually not understand that different people have different preferences and priorities? Or is it a pose of some kind? I mean, it's 2021, Apple has been on fire pretty much continuously since 2007, they're making a killing everywhere they go and they're, as we speak, pulling off the biggest and smoothest on-the-fly architecture transition ever.
Is it still not clear to some people that Apple users genuinely enjoy using Apple devices and that the company clearly does something right?
What are the options in the smartphone landscape? Please elaborate in a way that my elderly mother could use without 24h tech support from family members.
Android? And have instead of golden handcuffs a straight-out chain to serve the ads landlord? Yeah there's only a "choice" between the comfortable golden cuff of Apple and the being actively exploited by google. I know what to choose.
Obs. For anyone suggesting giving a de-googled lineage phone to my mother, just, please, don't.
ftfy. I get a bit fed up with seeing these things promoted. I’m from New Zealand, not the US or Europe. Where do I get one? Who fixes it when it buggers up? Why does it cost so dang much? Why is it such a slow piece of crap compared to my iPhone 11? etc.
To me Apple stopped being on fire for a while now, in particular as we switched from broken keyboard laptops to wonderful ARM laptops only available in small sizes with 2 usb ports. Also on principle Apple barring third party browser engines and game streaming are two huge no-go, in continuation to the selective ban on interpreted code which almost kills the editor ecosystem. Those handcuffs are not that golden, really.
How so?
I think I could easily pull all my data out. Files are, well, files; contacts and calendars can be exported in standard formats; photos are stored as JPEG or raw; music is MPEG-4; e-books are epubs; whatever.
Sure, I'll lose some features, but that's because other platforms don't offer those features, not because Apple is heinously putting extra effort into locking up my data.
Are you sure ? I don’t use iBook but it doesn’t look to me like you can just export them as e-pubs and be done with it: https://www.igeeksblog.com/how-to-export-ibooks-from-iphone-...
- Try to export your photos from Google Photos
- Try to export you photos from Apple Photos
Let us compare those two, shall we?
Google Photos:
- stored in cloud
- no _synchronisation option_
- export exists but you loose metadata unless if you do it through API so third-party sync is not possible as well
Options to get your data back:
- Manually select all the photos in web ui and click download.
- Use google takeout option.
Apple Photos:
- Synchronisation. Go to settings and click checkbox "download everything to this Mac". Same for iPhone. Offline ready, your data is on your device.
- Export - just go menu and click "Export originals". It will conveniently organise your photos into files and folders. No internet connection required because the data _is already on your computer under your control_.
So, to answer your question. If Apple stops being on fire, I export my data in a single click and move it somewhere else if there's any option. But it will be sad day because I'm afraid that there will be no option, besides Apple the market is filled with liquid shit that treats users as cattle.
P.S. The example of photos works for everything else - my music library is synchronised and downloaded locally on multiple machines. If you've got Apple Music subscription you can drop anything in there and it'll upload it. Basically dropbox with UI of iTunes and Spotify on a side.
Same for iCloud Drive - it is downloaded locally. Heck, everything is downloaded locally, stored on my Macs and backed up with time machine. My data is under _my_ control when I go with Apple.
If they didn’t force developers to adopt this, they would never do it as it’s in their interest to harvest the e-mail addresses of their customers.
So anybody who is using Sign In with Apple trusts Apple to do the right thing.
Besides, what monopoly? Apple is perfectly happy with other single sign ons — provided you also offer Sign In With Apple.
It is pretty standard "embrace, extend, and extinguish" strategy. Similar to what's happening in the browser market. They are waiting for majority of the apps to have their sign on and majority of users use Apple sign on, then update the policy to disallow other methods.
I mean I don't have any issue of Apple doing these in their own ecosystem, but at least don't be so hypocritical or naive when defending them.
If the only other options you provide are Google or Facebook, you (as an app developer) clearly doesn’t care that much about privacy.
Apparently Apple doesn’t feel that any other providers care enough. That’s why they’re mandating the use of their privacy-focused solution.
They are using their app store monopoly to gain a foothold in the single sign-on business. You could try to claim that there's no business there but look at how Microsoft got spanked for giving away a free browser. Now the Apple has over half the phones in the United States, I'm looking forward to them getting spanked very soon hopefully.
Yeah, it's practically the same thing if you just ignore the basic facts of the case.
That's exactly the kind of behavior that Apple is exhibiting here.
It's pretty easy to come along and say that I'm "ignoring the basic facts of the case" though without presenting any facts of your own to back that up. So let's hear your take now.
[0] https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor....
But again, Sign In with Apple sits in addition to the other offerings, it doesn’t replace them, and in no case are developers expected to be unable to offer regular sign in with email.
To my mind, you’re not wrong, but making a rather different argument.
They don't, and aren't trying to. They are trying to disrupt the Google/Facebook duopoly in the SSO space. Devs are free to require new accounts that they have the email for, just not outsource it to FB/Google.
the rule seems somewhat orthogonal to developers getting emails. Developers can still request login by the old school email-and-password with (or without) sign-up verification by email. On the other hand, some third-party logins don't give developers their users' contact information (just a token to verify that they're on their platform with no authentication permissions, or a dev can request that this be so else the third-party will inform the user that the dev is requesting their contact info).
The problem is not the social sign in aspect, but that fact Apple forces you to implement it if you use their competitors' service.
Had Sign in with Apple not been mandatory, but merely something customers would ask developers for, then I'd consider the framework to be fair game. This simply isn't that.
That's interesting, I would have said that it was AWS doing that with Graviton. Do you have a source for this?
I think Microsoft's architecture transitions between OSes were far smoother, in terms of ensuring backwards compatibility and giving developers far more advance notice. Of course, they stayed within the same chip family (well, except increasing the N in N-bit), so it was a smaller transition, but it worked well.
Privacy-preserving federated login options are a good thing. Knowing that the app, which may or may not have security or data protection, has less access to my information is good. I don't necessarily like Facebook, Google, or Apple having access to my information, but if they're the only ones, it's still better than having the app developer have it. Moreover, Apple's login is presented to the user as a user-positive feature: I can obfuscate my personal information conveniently. I like that.
If an app didn't have federated login, I'd make a judgment call about whether or not I want to create an account. Maybe I would, maybe I wouldn't. But if it does have a federated login option, I'd like them to support a variety of options, including Apple.
I'm not sure Apple should mandate it in the way they do, I can appreciate that the developer feels strongarmed... in the same way that I'm sure credit card processors engage in shady strongarming behavior of retailers. But I'd still rather go to stores that take credit in addition to (or instead of) cash, and I don't find it noble that the developer is writing that being forced to do something that his users would benefit from is bad for him.
I then read the second post the author wrote about getting his app removed from the Play store for not including a link to the privacy policy and it kinda comes off the same way. I don't necessarily like Google arbitrarily removing stuff with no notice, but I do like that Google has decided that a privacy policy should be a requirement of an app, and I sort of resent the guy complaining that he shouldn't have to follow that rule, which benefits me. He characterizes this as a "bad experience for users". I don't really agree.
I really like the idea that an SSO can also server as the single point of trust for personal information like an email address. I just wish Apple let that feature speak for itself. I wish they put in the effort to make Apple ID a popular auth solution because both devs and users actually want it - not because they're forced to have it.
I you use Apple ID, Apple gets the info which services you are using. The service might request additional infos about your person. Most people will always confirm that in reality. This way many services will end up with more user information. Many people will just share everything but might think about it if they needed to provide this info manually.
It is maybe a privacy feature because Apple might be better than Google or Facebook. Well...
My mail provider would need to parse my mails to get info about what services I use. Identity providers have those apps registered and grand token for specific services. They know exactly when a user is logging to specific services. This data doesn't even need to be evaluated further, Apple would have a neat list about the services you use.
Still, the usual mail registration offers more flexibility and gives the user more control. So, email registration is a privacy feature if you argue like this.
Security wise it is a decent solution, but also a single point of failure. It is hard to argue this to be a privacy feature. It is only one if you trust Apple more than the other services and different forms of auth isn't possible.
If he actually wants to help users, he can let users click through via Apple login on his site, then ask those users to also authenticate via one of the other methods (e-mail, Google or Facebook) and link the two. That way, he would be able to let his users still log in to their accounts via e-mail if Apple tries to shut him down (like Google did temporarily).
I think his focus should be on limiting potential damage to his users, not exacting revenge against large companies.
So, help me understand here -- the revenge is punishing their users that signed up with Apple ID? In what way is this revenge against Apple?