Guidelines to Implement Apple Sign-In Security Feature in Apps
by Keshav Jeet, on Jun 15, 2020 3:25:37 PM
The App Store has been touted as one of the safest repositories for uploading and downloading apps in terms of privacy and user data protection. With every iOS update, Apple strengthens the security layer that protects users against cyber threats and data breaches, while also giving the iOS app development community the opportunity to innovate like never before.
So, with such an array of security features available, it becomes imperative for stakeholders as well as developers to understand what each security feature entails and how they can best leverage it for users' safety.
In this blog, we will talk about the best practices and guidelines that developers can follow before enabling the new "Sign in with Apple" login feature that rolled out with iOS 13.
Let us start by understanding what the Sign in with Apple feature is and how it works.
"Sign in with Apple" is a user authentication mechanism that lets users create a new account on authorized apps, websites and services without exposing sensitive personal information. Users authenticate with biometrics on their device and control what data is shared with the service, which significantly reduces the online footprint they leave behind. It also has built-in two-factor authentication, which adds an extra layer of security. Note that Apple does not use this sign-in feature to profile user activity in apps.
Benefits of Apple Sign-in Feature in your app or website:
- People can sign in and sign up with a single tap using the Apple ID they already own, and do away with the overhead of filling in forms, validating email addresses, setting passwords, etc.
- Where you need to ask for a name and email address, people can share a unique, masked email address that automatically relays messages to their personal email address, keeping the real address private. This also lets them stop any further contact from the service once the account is closed.
When to display Sign-In Feature?
It is critical that the Sign in with Apple option appears at a point the user considers appropriate. You have the following choices for when to display the feature:
- Right after download, if the app has limited functionality without a user account.
- After users have interacted with the features of your app, for example to save progress or set up a profile.
- After users complete a transaction as a guest.
- To let users who already have accounts sign in or re-authenticate on any app or website version you offer.
Developers that offer third-party sign-in options are required to incorporate Apple's system: apps that use third-party or social logins for account authentication must also offer Sign in with Apple as an option.
As you develop and design your app for Sign-in with Apple, follow these guidelines beginning June 30, 2020:
App Store Review Guidelines:
- Test the app thoroughly for crashes and bugs
- Ensure accuracy and completeness of all app information and metadata
- Update correct contact information for app review to reach you
- Provide active demo account, login information, hardware, or resources required for app review, such as login credentials, QR code, etc.
- Enable backend services so that they’re live and accessible during the review
- Include a comprehensive explanation of non-obvious functionalities and in-app buying in the review notes, along with the supporting documentation when required.
For content safety, performance, design, monetization integration, and legal compliance, go through Apple's latest App Store Review Guidelines.
Guidelines for Websites and Other Channels
Sign-in with Apple JS
If Sign in with Apple is enabled in your app on the App Store, you may also offer Sign in with Apple on any linked websites or apps on other platforms via Sign in with Apple JS, a system-provisioned JavaScript API. You need an app on the App Store to use this API.
Design
Your website as well as your app should follow the design guidelines on Apple's developer website for account setup, the sign-in experience, and the use of the Sign in with Apple button.
Prohibited Uses
Apple does not allow Sign in with Apple to be integrated into a website or app that:
- Infringes the law or does not comply with legal obligations
- Offers services or transactions involving cigarettes or tobacco, firearms, illegal drugs, weapons, items that create consumer safety risks, items intended for illegal activities, pornography, or stolen or counterfeit goods.
- Sells drug paraphernalia and sexually-oriented items and services
- Encourages hate, intolerance, or violence on the basis of age, race, gender, ethnicity, or sexual orientation.
- Is involved in fraud
- Infringes intellectual property, privacy, or publicity rights
- Displays Apple or its products in a misleading or derogatory form
Developers cannot use the Sign in with Apple APIs for anything other than letting users set up accounts to access your app or service. Apple also reserves the right to disable Sign in with Apple on a website or app for any reason at any time.
Conclusion
Apple offers numerous ways to ensure data protection, and Sign in with Apple is one of the fastest, easiest, and most discreet ways to sign into apps and websites using an Apple ID the user has already authenticated. Several tech giants offer a similar convenience in exchange for personal information or tracking data, whereas Apple's feature takes the opposite stance and offers extensive data protection in exchange for nothing. So, get in touch with experienced iOS app consultants who can guide you on the best ways to get your ultra-secure iOS app to market with a minimum turnaround time.