All Devices Sign In With Apple - Supported Apps & Sites

[jeffhunterx]

This is a big contrast to Anylist’s developer who came up with a fake list of “problems” and then blocked users on twitter who pointed out the obvious solutions to his “problems”.

(I am the co-founder of AnyList.)

The blog post that ipedro is referring to is here: Why AnyList Won’t Be Supporting Sign In with Apple.

I'll let people read that and make up their own minds as to whether my objections are "fake".

I blocked ipedro on Twitter because it became clear that he wasn't interested in having a discussion, and just wanted to argue and attack me. For example, he implied that I didn't understand that Sign in with Apple can be offered on Android. Whereas if you read my blog post and search for "Android" you'll see that there are 5 results and I am very aware that it's possible to implement Sign in with Apple on Android.

 

[uniquexoxo]

Pinterest still not offering hiding email.

 

[ipedro]

(I am the co-founder of AnyList.)

The blog post that ipedro is referring to is here: Why AnyList Won’t Be Supporting Sign In with Apple.

I'll let people read that and make up their own minds as to whether my objections are "fake".

I blocked ipedro on Twitter because it became clear that he wasn't interested in having a discussion, and just wanted to argue and attack me. For example, he implied that I didn't understand that Sign in with Apple can be offered on Android. Whereas if you read my blog post and search for "Android" you'll see that there are 5 results and I am very aware that it's possible to implement Sign in with Apple on Android.

Do you really want to do this? You know I kept the receipts, right?

Where you repeatedly demonstrate that you don’t understand how Sign In With Apple works, despite being “99.9% sure”, right?

What else are you sure about? That “Android users need to know their relay email”? What?

Reading the blog post, it’s clear that you assume that everyone who isn’t you isn’t smart enough to find their account details.

Maybe it’s your pompous attitude that has something to do with how you see your users as idiots.

And again, you continue to miss that the issues you raise are not unsolvable and have in fact been resolved by other developers simply by being straightforward with their users and telling them why they require an email. Implementing Sign In With Apple across all your apps like you implement other social sign ins would solve your Android “problem”.

Finally, I certainly was willing to have a discussion — we were having one. You just weren’t willing to be corrected.

 

[uniquexoxo]

At this point I am just convinced that anyone who removed social logins is because they don’t want to implement SIWA, and is hiding something sketchy.

(I am the co-founder of AnyList.)

The blog post that ipedro is referring to is here: Why AnyList Won’t Be Supporting Sign In with Apple.

I'll let people read that and make up their own minds as to whether my objections are "fake".

I blocked ipedro on Twitter because it became clear that he wasn't interested in having a discussion, and just wanted to argue and attack me. For example, he implied that I didn't understand that Sign in with Apple can be offered on Android. Whereas if you read my blog post and search for "Android" you'll see that there are 5 results and I am very aware that it's possible to implement Sign in with Apple on Android.

Let me quote you

• If a customer contacts us asking for support, and we need to look up something in their account, typically we can just ask them for the email address on their account. But with “Hide My Email” that wouldn’t be easily possible, because the customer would have to figure out the privaterelay.appleid.com email address used for their account.

I’ve worked in Customer service the longest, and there are TONS of different way to identify a customer other than their email address.

• Finally, for a service like AnyList, which is heavily focused on sharing lists with other people, the “Hide My Email” option greatly complicates collaboration. Typically, customers share a list by typing in the email address of the person they want to share with. If that person already has an account, the list is instantly shared. But with the “Hide My Email” option, your spouse or friends obviously won’t know your privaterelay.appleid.comemail address, so when they enter your email address, our systems will believe that you don’t have an account. At that point, you’ll get an email from us asking you to create an account. If you accidentally create a new account, it won’t include the work you’ve done in your existing account created via Sign in with Apple. And if you manage not to make that mistake, then there would be a link between your email address and the account you created with Sign in with Apple, negating the value of hiding your email address.

Then implement using username.

There are tons of other services that relies on email address, you’re not that special. But for some reason they doesn’t seem to have problem with SIWA.

Your argument seems to be customer focused, and I think I have longer customer experience than you, that’s why I think your argument seems in-genuine to me. So if you are ready for this argument then I am all ears. Since you make yourself sounded so in-depth with having customer-first experience, maybe you should have hired someone who really knows about customer management, then you wouldn’t have all these issue.

 

[jeffhunterx]

Do you really want to do this? You know I kept the receipts, right?

First, let me start by saying that after a few back-and-forths on Twitter, I did allow my temper to get the better of me, and I responded to you badly in that tweet, for which I apologize. That was not the standard of behavior to which I aspire. I deleted that tweet shortly after it was posted. Even though it seems that your goal then (and now) was not to have a discussion, but simply to prove that I'm wrong and that I don't understand Sign in with Apple, I still should not have responded that way. I’ve resolved to do better in the future at not letting hostile strangers on social media get under my skin.

As for your criticisms:

I don't understand how Sign In With Apple works, because it's possible to implement it on Android:

I am fully aware that you can implement Sign in with Apple on Android, and that if you do so, then users do not need to know their private relay email addresses to sign in. This is explicit in my blog post. Please open the blog post, search for the word "Android" (it appears 5 times, in different paragraphs), and read everything that I said.

To follow up on what was said in my blog post, this commenter on Hacker News did a decent job of further expressing my point:

I'm not saying its impossible, and neither is the article. I'm saying that Apple clearly doesn't care about supporting a platform as huge as Android, and that clearly signals to multi-platform developers that they are on their own.

Sign in with apple is supposed to be a cross platform feature, but Apple can't be bothered to even write out some decent documentation for a platform with over 2 billion devices. Compare, for example, the Google sign in for iOS. They provide a working example project and full documentation.

If you are a developer supporting a cross platform app, you're not getting much help from Apple. That's what the article is saying: integrating this feature is going to be more work and more risk than it's worth. That's the point.

I don't understand how Sign In With Apple works, because we should just prompt users to provide their email address if they choose the "Hide My Email" option:

I don't consider this a viable option, since it goes against the intent of the "Hide My Email" option, and opens us to a major risk of Apple rejecting our app, now or in the future. If you watch Apple's WWDC 2019 video on Sign in with Apple (skip to about 32:45), the presenter says that if you collect a user's email address via Sign in with Apple, then you must "respect the email address that user chose to share". To me, this is a pretty strong signal that asking for email addresses after the user has picked the "Hide My Email" option is not something that Apple is keen on. One of the other criticisms I made in my blog post is that Apple states, “Apple reserves the right to disable Sign in with Apple on a website or app for any reason at any time.” Given this, I don't want to be tiptoeing around the edges of what is permissible, with a giant sword hanging over our heads, knowing that our app's ability to use Sign in with Apple could be turned off at any moment.

Your main argument seems to be that asking the user for their email address must be OK, because some other apps, like Pinterest and eBay, are doing it, but this is not a compelling argument. Apple's enforcement actions are quite arbitrary. Remember last month, when the HEY app was rejected for doing something that thousands of other apps were already doing?

You Download the App and it Doesn't Work

Examples of capriciousness in App Store policymaking.

youdownloadtheappanditdoesntwork.com

Remember when it was OK for parental control apps to use VPN functionality, until it wasn't?

The Shazam app, which is owned by Apple, was updated yesterday (July 14) and has Facebook Login, but not Sign in with Apple. So by your logic of, "some other app is doing this, so it's OK," then I guess it's not actually required to implement Sign in with Apple if you offer Facebook Login, because Shazam gets away with it. But oh wait, Apple is rejecting other apps that do the same thing as Shazam.

I think our users are idiots, because I'm concerned about user experience and the confusion and headaches that result from offering multiple login systems:

I'm not sure I follow you here. It seems like a non sequitur.

I don't understand how Sign In With Apple works, because the issues I raised are not unsolvable:

I never said that it was impossible for us to implement Sign in with Apple. My blog post explains why I think the risks and downsides of implementing Sign in with Apple outweigh the potential benefit. You are free to disagree with me on that, but that's mostly a matter of opinion. Your claim seems to be that I don't understand how Sign in with Apple works, and that I have my facts wrong, not just that we have different opinions.

Again, I apologize for that intemperate message on Twitter, I let my emotions get the better of me and deleted the tweet shortly after it was posted.
[automerge]1594875268[/automerge]

At this point I am just convinced that anyone who removed social logins is because they don’t want to implement SIWA, and is hiding something sketchy.

It's difficult to have a useful discussion with someone who states right off the top, "if you have a different perspective than me, then I am convinced that the only possible explanation is that you are engaged in sketchy (unethical) behavior."

Then implement using username.

We could, but a big part of the blog post was describing the hassles and headaches created by third-party login systems, and adding usernames would just make that even worse. On top of the problems with third-party login, people would have to create a username (a hassle) and then remember it. People generally don't forget their email address, but a username? I just had to scroll up to the top of this site to check if I my username on MacRumors is "jeffhunter" or "jeffhunterx".

Again, as I mentioned in another reply, my claims were never that it is impossible for us to implement Sign in with Apple. My blog post explains why I think the risks and downsides of implementing Sign in with Apple outweigh the potential benefit, and using usernames doesn't alter the calculus in any significant way.

I think I have longer customer experience than you, that’s why I think your argument seems in-genuine to me. So if you are ready for this argument then I am all ears. Since you make yourself sounded so in-depth with having customer-first experience, maybe you should have hired someone who really knows about customer management, then you wouldn’t have all these issue.

We launched version 1.0 of AnyList in the App Store in May 2012, so I have 8 years of experience with supporting the customers of our app, but there is always room to grow.

 

[NayoNL]

@jeffhunterx - I understand that as a developer you have to make different choices than we would like us users to make. For me as a user it is certain that everything concerning computers, smartphones, apps or - in general - the internet, is not safe.

SIWA helps me to at least protect my mail, if a database is hacked somewhere, then I will be less affected. No one can hack my Apple ID if I use the relay service. I use my Apple ID with an @iCloud.com mail, so having extra security gives me peace of mind.

So do your thing, you are the developer. I respect that. But then I just choose another developer that better suits my needs.

 

[kylew1212]

I like the way @NayoNL phrases things.
Discussion here is getting hostile. I think you should feel free to go any direction you’d like as a developer, but remember that might be a direction that I as a user do not agree with.

In my case I am no longer downloading any app that doesn’t implement SIWA, unless I cannot live without it.

 

[mthomas184]

@jeffhunterx so if you say you removed it because people dont remember what they used to sign in to your app with, then why is Sign in with Facebook still available on your website? Why does it only apply to your app? That is why people say it looks shady.

 

[jeffhunterx]

so if you say you removed it because people dont remember what they used to sign in to your app with, then why is Sign in with Facebook still available on your website?

We're removing it from our website. Our iOS app update was just released a couple of days ago. Updates to our Android app and website are in progress and will be released soon.

 

[Expos of 1969]

We're removing it from our website. Our iOS app update was just released a couple of days ago. Updates to our Android app and website are in progress and will be released soon.

Jeff, you are digging a deeper hole with every comment. Put the shovel away and hunker down and try to salvage your reputation and company.

 

[ipedro]

JustEat has implemented Sign In With Apple.


In a blog post, Just Eat talks about the process of implementing Sign In With Apple and how they resolved challenges such as a hidden email and the email relay, which they correctly solved by addressing users by their unique identifier rather than an email address — something that inexplicably continues to stump @jeffhunterx 's AnyList. Just Eat also talks about the driving force being giving their users a secure and easy way to log in, a lesson certain developers can learn from.

https://tech.just-eat.com/2020/05/27/lessons-learned-implementing-sign-in-with-apple-on-ios/

Users deserve at least the option of privacy. Nothing in Sign In With Apple prevents developers from offering it, other than laziness, pigheadedness, and/or the desire to track users around the web. Developers who refuse to implement Sign In With Apple are just telling on themselves and will find themselves in poor company as the list of apps that don't offer it dwindles.

 

[subjonas]

Jeff, you are digging a deeper hole with every comment. Put the shovel away and hunker down and try to salvage your reputation and company.

What kind of comment is this? He addressed someone’s fair question with a fair answer unless you have proof otherwise.

 

[LunarFalcon]

I have the same issue with this app, and Zillow.

It's still not working for Zillow. I've e-mailed their support and they say they're aware.

 

[Expos of 1969]

What kind of comment is this? He addressed someone’s fair question with a fair answer unless you have proof otherwise.

Simply pointing out that he won't win on these types of platforms and he may wish to take another approach. You are free to disagree which you obviously do. We all have opinions and that is that.

 

[subjonas]

JustEat has implemented Sign In With Apple.
View attachment 934445

In a blog post, Just Eat talks about the process of implementing Sign In With Apple and how they resolved challenges such as a hidden email and the email relay, which they correctly solved by addressing users by their unique identifier rather than an email address — something that inexplicably continues to stump @jeffhunterx 's AnyList. Just Eat also talks about the driving force being giving their users a secure and easy way to log in, a lesson certain developers can learn from.

View attachment 934448

https://tech.just-eat.com/2020/05/27/lessons-learned-implementing-sign-in-with-apple-on-ios/

Users deserve at least the option of privacy. Nothing in Sign In With Apple prevents developers from offering it, other than laziness, pigheadedness, and/or the desire to track users around the web. Developers who refuse to implement Sign In With Apple are just telling on themselves and will find themselves in poor company as the list of apps that don't offer it dwindles.

That’s pretty cool they detailed all that. A lot of it was over my head, but the one issue jeffhunter raised that I didn’t see it fully address was user-prompted support. It talked about using a unique identifier, but how would the user know this identifier when asking for support? Also can a user’s friend somehow use this identifier when wanting to connect to the user in the app?

Simply pointing out that he won't win on these types of platforms and he may wish to take another approach. You are free to disagree which you obviously do. We all have opinions and that is that.

It’s fine to have your opinion but your comment was not a relevant response to the comment you quoted.
And no, I don't obviously disagree. I have not taken any stance, except that I promote healthy discussion here.

 

[ipedro]

That’s pretty cool they detailed all that. A lot of it was over my head, but the one issue jeffhunter raised that I didn’t see it fully address was user-prompted support. It talked about using a unique identifier, but how would the user know this identifier when asking for support? Also can a user’s friend somehow use this identifier when wanting to connect to the user in the app?

Not only is Just Eat’s user base many many times larger than AnyList’s, it’s a type of app that by its very nature generates a lot of support calls.

Using SkipTheDishes (JustEat’s sister company in Canada) I had an issue with my food order and needed support. Right within the app, without giving them any identifying details, I was able to chat with support who resolved my problem.

AnyList’s blog about their problems with Sign In With Apple aren’t actual problems with Sign In With Apple. They’re problems with the antiquated way in which AnyList does support.

As JustEat has shown and hundreds of other apps have shown, Sign In With Apple can be implemented successfully, even in apps that do lots of support. AnyList is just too stuck in their ways and/or uncaring about user privacy to do the work to adapt to a world that demands privacy.

 

[subjonas]

Not only is Just Eat’s user base many many times larger than AnyList’s, it’s a type of app that by its very nature generates a lot of support calls.

Using SkipTheDishes (JustEat’s sister company in Canada) I had an issue with my food order and needed support. Right within the app, without giving them any identifying details, I was able to chat with support who resolved my problem.

AnyList’s blog about their problems with Sign In With Apple aren’t actual problems with Sign In With Apple. They’re problems with the antiquated way in which AnyList does support.

As JustEat has shown and hundreds of other apps have shown, Sign In With Apple can be implemented successfully, even in apps that do lots of support. AnyList is just too stuck in their ways and/or uncaring about user privacy to do the work to adapt to a world that demands privacy.

Thanks, I don’t know the inner-workings but yeah it does seem like as long as you’re logged in within the app, it should be able to know who is trying to contact them.

 

[jeffhunterx]

What kind of comment is this? He addressed someone’s fair question with a fair answer unless you have proof otherwise.

Yeah, this type of stuff is why I had to start blocking people on Twitter...

...something that inexplicably continues to stump @jeffhunterx 's AnyList.

Nothing in Sign In With Apple prevents developers from offering it, other than laziness, pigheadedness, and/or the desire to track users around the web.

This is why I blocked you on Twitter. We can't simply have different points of view and have a discussion around that. It's all personal attacks and ad hominem.

 

[Expos of 1969]

My last comment in this thread: I went to the website of AnyList which I had never heard of to find it is a grocery list tool. FFS, society has really hit the skids when there is an actual business selling the ability to keep and or create a grocery list. My wife and I manage to buy what we need when we need using a small pad of paper and pen. When we take something from the cupboard or fridge and think, hey we better buy a new one, we simply write it on the paper kept on the console in the kitchen. Takes seconds.

I have friends who own restaurants who don't need or use an app to handle their purchasing. Of course, this use of a shopping list app makes sense to those who need Alex or Siri to turn on a light, play a song or wipe their backside (although I would not trust Siri with that command ).

 

[ipedro]

Another Shazam update, still no SIWA...

Uber too. 🙄

 

[valdikor]

Uber too. 🙄

Uber has had SIWA for a while, at least on my devices (but not the web).

 

[ipedro]

Uber has had SIWA for a while, at least on my devices (but not the web).

Strange. Doesn't show on mine. I'll delete and reinstall.

EDIT: Yup, that worked. Uber is a big one. Updated in the list.

 

[Apple_Robert]

First, let me start by saying that after a few back-and-forths on Twitter, I did allow my temper to get the better of me, and I responded to you badly in that tweet, for which I apologize. That was not the standard of behavior to which I aspire. I deleted that tweet shortly after it was posted. Even though it seems that your goal then (and now) was not to have a discussion, but simply to prove that I'm wrong and that I don't understand Sign in with Apple, I still should not have responded that way. I’ve resolved to do better in the future at not letting hostile strangers on social media get under my skin.

As for your criticisms:

I don't understand how Sign In With Apple works, because it's possible to implement it on Android:

I am fully aware that you can implement Sign in with Apple on Android, and that if you do so, then users do not need to know their private relay email addresses to sign in. This is explicit in my blog post. Please open the blog post, search for the word "Android" (it appears 5 times, in different paragraphs), and read everything that I said.

To follow up on what was said in my blog post, this commenter on Hacker News did a decent job of further expressing my point:





I don't understand how Sign In With Apple works, because we should just prompt users to provide their email address if they choose the "Hide My Email" option:

I don't consider this a viable option, since it goes against the intent of the "Hide My Email" option, and opens us to a major risk of Apple rejecting our app, now or in the future. If you watch Apple's WWDC 2019 video on Sign in with Apple (skip to about 32:45), the presenter says that if you collect a user's email address via Sign in with Apple, then you must "respect the email address that user chose to share". To me, this is a pretty strong signal that asking for email addresses after the user has picked the "Hide My Email" option is not something that Apple is keen on. One of the other criticisms I made in my blog post is that Apple states, “Apple reserves the right to disable Sign in with Apple on a website or app for any reason at any time.” Given this, I don't want to be tiptoeing around the edges of what is permissible, with a giant sword hanging over our heads, knowing that our app's ability to use Sign in with Apple could be turned off at any moment.

Your main argument seems to be that asking the user for their email address must be OK, because some other apps, like Pinterest and eBay, are doing it, but this is not a compelling argument. Apple's enforcement actions are quite arbitrary. Remember last month, when the HEY app was rejected for doing something that thousands of other apps were already doing?

You Download the App and it Doesn't Work

Examples of capriciousness in App Store policymaking.

youdownloadtheappanditdoesntwork.com

Remember when it was OK for parental control apps to use VPN functionality, until it wasn't?

The Shazam app, which is owned by Apple, was updated yesterday (July 14) and has Facebook Login, but not Sign in with Apple. So by your logic of, "some other app is doing this, so it's OK," then I guess it's not actually required to implement Sign in with Apple if you offer Facebook Login, because Shazam gets away with it. But oh wait, Apple is rejecting other apps that do the same thing as Shazam.

I think our users are idiots, because I'm concerned about user experience and the confusion and headaches that result from offering multiple login systems:

I'm not sure I follow you here. It seems like a non sequitur.

I don't understand how Sign In With Apple works, because the issues I raised are not unsolvable:

I never said that it was impossible for us to implement Sign in with Apple. My blog post explains why I think the risks and downsides of implementing Sign in with Apple outweigh the potential benefit. You are free to disagree with me on that, but that's mostly a matter of opinion. Your claim seems to be that I don't understand how Sign in with Apple works, and that I have my facts wrong, not just that we have different opinions.

Again, I apologize for that intemperate message on Twitter, I let my emotions get the better of me and deleted the tweet shortly after it was posted.
[automerge]1594875268[/automerge]


It's difficult to have a useful discussion with someone who states right off the top, "if you have a different perspective than me, then I am convinced that the only possible explanation is that you are engaged in sketchy (unethical) behavior."



We could, but a big part of the blog post was describing the hassles and headaches created by third-party login systems, and adding usernames would just make that even worse. On top of the problems with third-party login, people would have to create a username (a hassle) and then remember it. People generally don't forget their email address, but a username? I just had to scroll up to the top of this site to check if I my username on MacRumors is "jeffhunter" or "jeffhunterx".

Again, as I mentioned in another reply, my claims were never that it is impossible for us to implement Sign in with Apple. My blog post explains why I think the risks and downsides of implementing Sign in with Apple outweigh the potential benefit, and using usernames doesn't alter the calculus in any significant way.



We launched version 1.0 of AnyList in the App Store in May 2012, so I have 8 years of experience with supporting the customers of our app, but there is always room to grow.

Jeff,

I just read your blog explanation regarding SIWA. All of the points you raised outside of the last one read like lazy excuses to me.

With AnyList, your job is to provide a quality product with good customer service. Good customer service does not mean hand-holding customers. If a customer forgets which email he or she used to sign up, that is on them. They should have kept track of such important information. If they can’t remember the correct email and password, they would need to create a new account. Once again, that is not your company’s fault nor it is the company’s responsibility to keep up with customer information apart from information that was originally entered.

Your last response in the blog sounds more forthright than the previous Mickey Mouse excuses given.

“Finally, for a service like AnyList, which is heavily focused on sharing lists with other people, the “Hide My Email” option greatly complicates collaboration. “

The bottom line is you are afraid that the SIWA feature will hurt your business with the last point you raised., even though you have been offering social media email sign up and maintenance for a long time. And to that I say once again, customers or businesses who wish to collaborate with your app can still do so.


Unless your business model is going to change where no email is needed, there truly is no excuse not to offer SIWA, unless doing so prevents you from profiting from sharing and selling client information. Companies 5 - 10x your size prove it can be done.

You are certainly free to do as you see fit. If I was looking to use your app, I certainly wouldn’t after reading your blog. I would also steer people away from your app(s)

Lame and lazy excuses don’t help a company to be profitable.

 

[TiggrToo]

FFS, society has really hit the skids when there is an actual business selling the ability to keep and or create a grocery list

That’s a horribly myopic comment to make. Just because you personally cannot see a need doesn’t mean there isn’t one.

We use OurGroceries and it's invaluable in keeping the list not only updated but added to even when one of us is out shopping.

It’s kinda flabbergasting to see a statement such as yours - the world doesn’t revolve around you personally.

To take your argument to the next level, why the heck does a phone have a calendar? You can buy perfectly functional paper calendars for just a few bucks.

Contact list on the phone? Bring out that rolodex.

And as for todo lists? Our patents and grandparents did just fine with pencil and paper, right?

Want I should get off your lawn now?

 

[seezar]

Siwa is back on Best Buy