In recent years, we have seen how many applications and services allow us use our Facebook or Google account for log in in applications / games and thus avoid having to register with an email, a process that many people prefer to avoid.
Although in most cases, we are informed of the data to which the application will have access, and we have no choice but to believe it and trust it if we want to use our Facebook or Google account instead of using a specific email account for these cases.
But the problem comes not only from the desire to collect data from both Facebook and Google, but also from the bad practice from some developers, developers who to earn extra money, are responsible for selling our data to both companies, even if we do not use our accounts on social networks.
The last example is found in the Zoom video call application, an application that due to the current situation of confinement that we suffer, has become one of the most popular both in the business field and at the private level. Last Thursday, the guys from Motherboard, published an article in which they claimed that the application for iOS was sharing user data without previously informing users in the privacy policy.
According to this medium, Zoom made use of the Facebook SDK to integrate "Login with Facebook", a function that, as I mentioned above, offers the ability to log in quickly and easily. However, by including this SDK, Zoom would automatically connect and share information with the Facebook Graph API, even if the user does not have a Facebook account.
A few hours after the Motherboard published the article, the Zoom guys stated that they would retire the Facebook SDK for "collecting data from devices unnecessary for the operation of its service" stating that:
The data collected by the Facebook SDK did not include any personal information of the user, but included data about the users' devices such as the type and version of the mobile operating system, the time zone of the device, the operating system of the device, the device model and carrier, screen size, processor cores, and disk space
I doubt a lotIf not to say the least, the developers of the Zoom application did not always know what the Facebook Graph SDK was doing when they used it to log into their video calling services. People are increasingly aware that their data is theirs and cannot be marketed with them without the consent of the user.
Zoom claims that no this API did not collect user name, something very hard to believe When both Facebook and Google, the first thing they want to know is your name to be able to associate the whole series of data that they collect using the application or game that we are using with our account.
Is Sign in with Apple the solution?
We are at a point where it seems that we will never know what happens to our data. In the case of Zoom, our data was collected even if we did not use our Facebook account. This leads us to question whether our privacy is really protected if we use our Apple account to log in to applications or games through Sign in with Apple.
Signing in with Apple allows us to use our Apple ID to start using a game or application instead of our social network account or register through a form and associate the data with an email. According to Apple, Sign In with Apple is designed from the ground up to respect our privacy and give us full control over our personal data.
The first time we log in with Apple, applications such as games and websites may ask us for both name and email address to set up our account (Apple does not provide this data at any time, data that Google and Facebook obtain by giving them access to our respective accounts).
By using Sign in with Apple, we can use Hide My Email, Apple's private email transmission service to create and share a random email address and exclusive that it is automatically redirected to our email account associated with the Apple ID.
This function allows us receive messages from the developer without having to share our email address, an email address that only the developer can use to communicate with us. This Apple function does not create a profile, we are the ones who can create a different profile for each application when we sign up.
From the theory to the practice
Apple's theory is fine, but who assures us that the applications that use Sign in with Apple do not collect our data for third parties such as Zoom? In theory Apple has a series of guidelines that all developers must follow to be able to offer their applications on the App Store.
Are apps that use the Sign in with Apple feature more secure? Does Apple check one by one that device and usage data is not shared with third parties? In theory it should be like this. Time will tell if this new feature, which is not yet available in many of the applications and games available on the App Store is it really safe or is it more of the same.