Wednesday, September 9, 2020

Epic Barred From “Sign in With Apple”

Epic (tweet, Hacker News, MacRumors):

Apple will no longer allow users to sign into Epic Games accounts using “Sign In with Apple” as soon as September 11, 2020. If you have previously used “Sign In with Apple”, please update your Epic Games account email address and password immediately so that you can still login after September 11, 2020.

Apple doesn’t retaliate, but it considers it more important to hurt Epic (and make an example of it) than to help its own customers who placed their trust in its service. As a user, I would rather rely on a password manager than a login provider. As a developer, it’s a harder choice because many users like universal logins. Apple doesn’t let you support other third-party login providers without also supporting Sign In with Apple.

Riley Testut:

Lesson: Don’t use “Sign In with Apple” unless you want Apple to be able to remotely kill all your user accounts…

Nathan Lawrence:

If you’re Epic, it stinks, but you know it’s coming — you can scarcely retain API keys without a dev account — and can prepare. Not so if you’re an indie accidentally flagged for abuse by one of the large companies in control of these sign-on systems. You just lose customer data.

The entire point of open authentication standards once was that auth could be democratized and open, and you could choose an identity provider that worked for you and fit your personal standards — even your own server.

Now, it centers even more power on large companies instead.

Tanner Bennett:

Apple is really shooting themselves in the foot here, just to spite someone…

They’re NEVER going to fully recover from this battle, not in the next 20 years at least. Their new reputation for being a petty, spiteful bully is basically set in stone at this point.

Not to mention all the developer trust they’re eroding with this. They now also have a reputation for offering services that can be revoked at any time (not to mention having the ability to remove your app at any time and make you go bankrupt…), which is not appealing.


Update (2020-09-11): Viruthagiri Thirumavalavan:

This “Sign in with Apple” issue with epic games is not “personal” as you think. It’s because of the patent claim I wrote to protect my invention.

He developed a service called Dombox, which he says Apple copied. Whether or not that’s actually the case, the interesting part is that Dombox’s pending patent only applies to services that don’t have a native mobile app. And Apple, perhaps not coincidentally, says that “An app on the App Store is required” in order to use the Sign In with Apple API. Well, thanks to Apple closing Epic’s developer account, they no longer have an app on the App Store.

I’ve also seen speculation that it’s technically not possible to use Sign In with Apple without a developer account, e.g. because of certificate renewal. This is probably true, but I don’t think it really changes anything with the story. Apple is the one that tied its service to an account that does so many other things. And it’s the one who chose to terminate the account, when that was not necessary to block the offending app from the App Store.

Fortnite Status:

Apple previously stated they would terminate “Sign In with Apple” support for Epic Games accounts after Sept 11, 2020, but today provided an indefinite extension.

I guess Apple’s not afraid of the patent, or perhaps that’s why they are calling it an indefinite extension.

Francisco Tolmasky:

Forget what developers think of Sign In with Apple, as a customer, I’m never going to use it again. I was already skeptical of routing all my email communications through Apple, but the fact that Apple can drop it arguably affects me more than the developer.

In the best case scenario, it’s a hassle for me to have to transfer my account in an event like the Epic situation. In the worst case, it seems like I could potentially lose my account? Maybe that doesn’t matter for a game, but I certainly won’t trust it for stuff that matters.

I’m really not impressed with this “it’s such a weird edge case!” excuse either. Only at Apple is it considered an edge case that your service could possibly also exist outside the AppStore, and thus someday possibly exist only outside the AppStore.

Update (2020-09-14): Jay Peters:

When reached for comment about yesterday’s news, Apple told The Verge that it was not doing anything to stop “Sign In with Apple” accounts from working with Epic Games. So there’s some kind of discrepancy in who is telling the truth, as Epic is maintaining that Apple was previously enforcing the shutoff (and the way Epic is talking about it, still possibly could). Apple did not immediately reply to a request for comment about today’s development.

Since we know that Sign In with Apple requires a developer account, which Apple terminated, it seems like Apple is trying to make it look like Epic was lying, while actually working behind the scenes to either lift that technical requirement or provide some sort of limited functionality account.

Update (2020-09-30): John Gruber (tweet):

I spent a few hours back on September 9 digging into this SIWA story, and multiple sources at Apple told me Epic’s claims were simply false. There was never a September 11 deadline for their SIWA support to stop working, and in fact, Apple’s SIWA team performed work to make sure SIWA continued working for Fortnite users despite the fact that Epic Games’s developer account had been revoked. There was no “extension” because Apple was never going to revoke Epic’s SIWA access.

It seems that the Apple sources lied to Gruber because Epic’s court filings include e-mails stating that Apple is “terminating SIWA for the Epic Games, Inc. account” and giving an “extra two weeks” extension. Apple has a history of misleading the press when defending itself.

3 Comments RSS · Twitter

I think there’s a lesson here:

- Current Apple not only Sherlocks software, they also Sherlock banking, enterprise security, and entertainment and other “services.”

- What’s been “Sherlocked” won’t be the same as the original service because while “great artists steal” they won’t understand what they stole, it’s just an “acquisition” — centralized security isn’t good security at all but there’s no one at Apple who seems to understand that and they keep getting powned.

- And as we’re discovering, it’s prone to abuse. Did Apple understand that all those users are Apple users first and Epic users second? Is there anyone over there thinking through ripple effects of damage to users and devs when they turn core technologies OFF? Not just cancelling a dev or an app but an entire subset of your customers who you wanted to rely on that technology? Who won’t trust it again?

‘Sign in with Apple” should be immutable/available to all iOS users full stop. I shouldn’t have to state this it should be obvious.

“Sign in with Apple” also affects functions outside the games like billing or did Apple just assume? Apple just cut off iOS users and maybe needs to Google “Tortuous Interference”.

As a Mac developer, I'm looking at getting my app off the Mac App Store and to direct sales as soon as possible. I can't be the only one.

Not that I'm planning to violate Apple's rules, or afraid that they'd come after me. I'm just tired of it all. It's been far too much trouble, for far too long. There's been great dissatisfaction with the MAS for years.

I hope someone, somewhere with follower, could gather enough developers and pull out of iOS and Mac App Store.

While I disagree with Epic on the payment, ( I have much more problem with Apple charging 30% of Teaching Class or Education usage, but not Gaming ). This Apple Sign in is way too much. Adding to the constant bagging about how Apple is so righteous, this Tim Cook's Apple feels very early 2000 Google. And it stinks with hypocrisy.

That is vastly different to Steve Jobs' Apple. Arrogant yes, but willing to admit mistakes while not bullying others.

Leave a Comment