Apple has talks a lot on how its Sign in With Apple solves a problem most of us didn’t know. The issue? Most social sign-in services (think: Facebook and Youtube) act a little like user-tracking honey pots: you come to use a website, service or app and stay because the social services doing the authentication use that moment to gather even more information about what you do.
What happens is that the persistent identity used by social services is being combined with other data to identify where you go, what you look for, what readings you like, who your friends are and more. It sounds innocuous enough, but over time this profiling grows, and can be leaked, stolen or sold – and you don’t know by whom or to whom. In fact, as the Cambridge Analytica scandal showed us, they are.
Apple’s Sign in With Apple service intends to address this issue with a constructive solution. Apple (and myself) philosophically disagrees with the idea that user data is required to make web business work. Instead, it sees its role as being that of a trusted intermediary capable of providing a source of authorisation data that can be used by both end users and service/app providers.
Apple says it has built this service specifically, “to limit the amount of information that users are required to share, and to provide them with the peace of mind that Apple will not track them as they interact with their apps.” While such privacy-related tools aren’t foolproof – security is an ongoing battle – the fact they exist shows the need to disrupt the behaviours of existing data collectors and to push for more educated conversations about privacy – and the risks of losing it.
As a user, how does the “no tracking” work?
When you use Sign in With Apple to access a website, service or app, Apple generates a unique token for the user/developer pair and stores a fake email address* to use with that service/app provider. Later, you get to use the service/app without interruption, so long as you remain signed in with your Apple ID on your device. You thus do not need to share any more data, even not your email address during the registration process. Apple creates a unique and private relay address on your behalf. Emails sent to you via this address will reach you (and will be checked by Apple for spam), but the service/app provider will not have your real address.
Does Apple act as an Identity Provider? Not really. The Sign in With Apple service consists of (1) the proxy & relay service, (2) the user-to-device authentication using PIN, fingerprint or face-id, and (3) the keychain iCloud service. The identity of the user as known by Apple is not revealed to service/app provider. Only the positive authentication result is passed on. So Apple rather acts as Authentication Service while the identity is managed by the service/app provider. The Authentication Service hereby proves that the user (still) owns their device and is (still) registered with Apple. The Authentication Service additionally protects against man-in-the-middle attacks and credential theft using Apple’s authentication protection measures.
As a service/app provider, do I lose insights about my own customers?
Not necessarily. It is not that Apple collects this data on your behalf. Apple does collect first-party data about its own customers to support its own services. They will not share that with you. The Sign in With Apple is a ‘proxy & relay service’ that helps you make the registration process frictionless.
While the Sign in With Apple service creates anonymous accounts with your services, can you still collect consumer data for personalisation purposes? Yes, you can.
Let’s take an enterprise architecture viewpoint (see my post here). Enterprise architecture fundamentally build enterprise capabilities to nurture a desirable business outcome. These capabilities are developed using design thinking and customer centricity.
Design thinking starts with reframing the problem. So, why did you not a full registration process? Is it because you want to collect as much first-party user data as much as possible and as soon as possible? Or is it driven by the need to personalise the ads using the consumer’s context? If the problem is the latter, then ‘payment collection’ should be key enterprise capability.
Customer centricity starts with the overall consumer’s experience. So, how would a full registration process help the consumer? Are we product centric and solely focussed on data collection for ad purposes, or, do we care about long-term consumer value? In the latter case, registration should not become a point of friction.
In fact, ‘consumer understanding’ may become a key enterprise capability. This capability manages the collection and processing of context, desires, preferences, needs and affiliations of consumers as they engage with your services. All this information can be linked to the account generated and signed in by the Sign in With Apple service. With proper consent, this data can then be used for personalised ads and gaining consumer insight.
Caution
So Sign in With Apple can help reduce registration friction for Apple customers and it is compatible with today’s CIAM platforms. But beware. It is only a ‘patch’ to mask a deeper problem caused by identity management systems, namely the need for a user-id & password. We describe a more structural solution that is not platform dependent in How to implement anonymous login?
In addition to reducing the need for passwords and cookies, it may also be more interesting to focus on ‘community building’ as enterprise capability. While registered consumers engage with your services, their engagement can generate network effects if done well. Even if they are anonymous, consumers can be advocates and powerful influencers. This concept is illustrated in our post on Becoming reader-centric as a publisher and Becoming animal-centric as a producer of food.
Notes
*The user gets the option to reveal (1) their identity name & email address, (2) their name, (3) nothing (by editing the name into a fake one).
Controlled AI services 