Will “Sign in With Apple” Revolutionize Digital Identity?

Written by

The Apple brand is one of a kind. No company has been able to refine a product like Apple— from iPhones to Siri to Airpods, the brand is able to offer a better—or at least more appealing—version of what is on the market. Its ecosystem draws customers in and keeps them loyal, encouraging them to purchase more of its products that all work seamlessly together. 

Apple is not an innovator. The iPod and iPhone were not the first of their kind to hit the market, but Apple took a concept and made it work for the top of the market. This meant fewer products sold at a higher price point, but engendered a great deal of loyalty.

Apple has announced yet another expansion to its ecosystem—its very own credit card. Following on from the popularity of Apple Pay, a simple way to tap and pay using another provider’s credit card will aim to give consumers the ease and security they demand, but with Apple’s very own financial product. The card is expected this summer, and may be more than it seems: not just a credit card, but the first step in Apple entering the identity space. 

The first shot?
Beyond its focus on high-end devices and design, Apple has already differentiated itself with its reputation on privacy. With this advantage, Apple’s new credit card may be just a warning shot in the battle around digital identity.

At Apple’s developer conference WWDC, ‘Sign in with Apple’ was announced. Websites will be able to integrate the new login method, creating a simple way for anyone with an Apple device to log in. Similar to promises around Apple Card, all accounts will be protected with two-factor authentication, and users’ activity will not be tracked.

Apple, with no need to sell ads, does not need to know its users’ behavior. Like the iPhone, iPad, iPod and so many other Apple products, this is not new. Google, Facebook and Twitter already offer similar services. Is privacy enough of a differentiator for Apple to thrive in the digital identity market however?

Can Apple win a one-sided battle?
Businesses want to know that their customers are real, and they are not being defrauded, and consumers want to know who they are doing business with. A recent report found that social media platforms such as Facebook and Google were simply not trusted to manage digital identity. This perhaps isn’t surprising: the scandals that have swirled around Facebook have meant that privacy is now more valued by consumers than ever before.

Facebook is fine for wishing old school friends a happy birthday, but the idea of logging into a bank account using Facebook credentials is too much for many to stomach.

There was one sentence from the Apple Card launch announcement that stuck out: “The Apple Card is designed to make sure you’re the only one who can use it.” With this and the sign in service, Apple is recognizing that privacy and convenience are of paramount concern for customers today.

Compared to the competition, Apple is prevented from receiving information on purchases, and the word “privacy” is repeated in the press release. Apple want you to know that they are not interested in your data—Tim Cook has explicitly said that his company wasn't trying to take on Google and Facebook for first-party data.

The problem that Apple faces is that it cannot win this battle outright. The very ecosystem that has built the brand into the trillion-dollar company it is today will be its greatest limitation. Only those with Apple devices—a sizeable minority, but still a minority—will be able to use Sign in with Apple and the Apple Card. 

This means that any service provider that offers Sign in with Apple will only be catering to a minority of its customers - for example, Apple’s market share in the US is only 39% for 2019 Q1. To cater for everyone else, it will need to offer alternatives, such as traditional password, bank or government “log-ins”. This is fine for some services, less so for others. Highly-regulated financial services will certainly be reluctant to offer so many ways in, as will services that are less regulated but still deal with sensitive data.

If not Apple, then who?
Digital identity is increasingly a live battleground within countries and globally, where customers can be won or lost. Consumers don’t want to deal with long application processes, or remember scores of passwords, or fiddle with codes sent via SMS. They want simple ways to say who they are that are also highly secure. Unfair as it is to service providers, consumers do not want to compromise on either convenience or security.

So if not Apple, what will be the universal service that is trusted enough to offer digital identity that anyone can integrate? The answer is… perhaps no one. In some countries, such as Norway, banks have collaborated on an identity scheme that has gained traction beyond the financial sector. In many other countries, plans for digital identity schemes have either foundered—such as the UK—or simply not available yet.

That leaves many service providers with a choice: either they wait for the perfect digital identity scheme to come along, or they use enrolment and authentication solutions that will meet their customers’ needs today. Consumers may clamor for solutions like Sign in with Apple, but only because logging in to so many apps and services is painful, prioritizing security over a good user experience. Providers may not want to offer Sign in with Apple, but instead, when approaching this part of their business, think WWAD: What Would Apple Do?

What’s hot on Infosecurity Magazine?