What Is Sign In with Apple? (And How It Works)

UPDATED with yet more information from Apple. This story was originally published June 3, 2019.

Monday at its 2019 World Wide Developers Conference (WWDC), Apple unveiled its own single sign-on (SSO) service, dubbed prosaically "Sign In with Apple," to compete with Facebook and Google's services — with the promise that it won't use that information to sell ads or track you.

Craig Federighi introduces Sign In with Apple at WWDC 2019. Credit: Apple

(Image credit: Craig Federighi introduces Sign In with Apple at WWDC 2019. Credit: Apple)

Ever use Facebook or Google to sign into a non-Google or Facebook website? It's certainly convenient, and it reduces your data's exposure if any of those third-party sites get compromised in a data breach. But it also gives Facebook and Google greater insight into your online activities, which those companies then use to sell ads.

Even better, Apple's SSO solution gives you the option of signing up for third-party sites and apps using a unique, disposable email address that automatically forwards to your iCloud email address. Services and apps with which you use this feature won't know your real email address.

"Users are mostly lazy, so they use the Google and Facebook log in 'cause it is convenient," Carolina Milanesi of Creative Strategies told Tom's Guide. "Giving them an option to log in and keep their data private will appeal [to] users."

Who can use Sign In with Apple

Sign In with Apple will work on both the web and on iOS apps, and the latter function is pretty groundbreaking. The one possible downside is that you may need to have a iPhone X or iPad Pro associated to your Apple ID. We've seen at least one report stating that Sign In with Apple will authenticate you using Face ID on that device. [This is not the case — see update at end of story.]

In other words, Mac users with Android phones, or anyone with an older iPhone, may not be able to use Sign In with Apple, unless perhaps Touch ID can also be used to verify the user.  We're reaching out to Apple to nail down some of those details and will update this story when we receive a reply.

MORE: All the Apple News from WWDC 2019

How Sign In with Apple works

Using the example Apple software-engineering head Craig Federighi presented onstage today, a user named "Kim Kilgo" — there are at least three Americans on LinkedIn with this name — could sign up for an account with the guitar-training app Fretello using Sign In with Apple.

Federighi shows off an interface screen for Sign In with Apple at WWDC 2019. Credit: Apple

(Image credit: Federighi shows off an interface screen for Sign In with Apple at WWDC 2019. Credit: Apple)

The fictional Kim could choose to use her real iCloud email address for this by choosing to "Share My Email" in the Sign In with Apple interface. (We really hope the email address that Federeghi displayed onscreen doesn't belong to any of the real Kim Kilgos.)

But Kim could also choose the "Hide My Email" option, in which case Fretello would receive "fc452bd5ea@privaterelay.appleid.com" as her email address, and the guitar-training service would be none the wiser about her actual identity. (Tech-savvy users will recognize that string of gibberish as an 40-bit number rendered in hexadecimal notation.)

If Kim decides to delete her Fretello account, Apple will stop forwarding emails sent to fc452bd5ea@privaterelay.appleid.com to her iCloud address.

How many similar services exist?

Signing up for online accounts using bogus or throwaway email addresses has been possible for a long time. Services such as Mailinator, Guerrilla Mail or E4ward provide this for free or for a small yearly fee.

You can also do this using Gmail by appending text beginning with "+" to your regular Gmail address. For example, if you're John Smith and you're signing up for Dropbox, emails sent to "john.smith+dropbox@gmail.com" will go to john.smith@gmail.com. But that's not exactly anonymous.

You can also set up completely random email address using Gmail or Yahoo Mail, setting each new account to forward to another email address, but you've got to at least nominally manage those email addresses.

For the most part, these services only work through web browsers. Apple's new system is the easiest, most convenient way that we've seen to set up disposable email address when dealing directly with smartphone apps.

UPDATE 1: Apple told us in part that "customers can simply use their Apple ID to authenticate and Apple will protect users' privacy by providing developers with a unique random ID."

"Sign In with Apple makes it easy for users to authenticate with Face ID or Touch ID" instead of a password, the statement said, "and has two-factor authentication built in for an added layer of security."

We've also learned that no iOS or macOS device is needed to use Sign In with Apple, so Windows and Android users should be able to use the feature as well provided they have Apple IDs.

UPDATE 2: An update to Apple's App Store Review Guidelines posted Monday (June 3) states that Sign In with Apple "will be required as an option for users in apps that support third-party sign-in when it is commercially available later this year."

In other words, if an app lets you sign in using Facebook, Google or a lesser-known SSO service, it will need to offer Sign In with Apple as well.

We assume this is limited to iOS apps, but are checking with Apple to make sure that this does not cover Mac software as well.

Perhaps coincidentally, a pair of iOS app developers filed a class-action lawsuit against Apple today (June 4) alleging that the company's control over iOS apps constitutes an "abusive monopoly." The suit seeks to end Apple's monopoly over the distribution of iOS apps and permit competing iOS app stores.