upvote

points

by no-name-here11 hours ago |
comments
upvoteby ItsBob9 hours ago|
[-]
It's for your login and payments. I need to verify that you are authenticated somehow and Google/Apple also handle payments.

You "Login with Apple" or "Login with Google". They manage the login entirely and pass me your id and an access token (assuming you pass their login test). I store that in my DB so that your data from the app can sync (the paid-for app syncs your training data to my backend but I match it only based on the Google/Apple id.)

The alternative is that I build my own auth system and I'd need to store something you can type in the next time, e.g. email/password address etc.

If you have an Android/Apple phone you're already authenticated with them. I just need Google/Apple to say "this guy is cool, let him in" and I then use the id to check if you've paid, sync your training data etc.

On its own, the id is useless! Means nothing and cannot be traced back to a person. I genuinely do not know your name, email, what country you come from, GPS data, CC data. Nothing at all!

I don't want your data.

reply
upvoteby trumpdong5 hours ago|
parent|
[-]
If I'm using an app I'm very skeptical of "Login with Google" because I have no way to verify that you're only getting a random identifier and not my email address. I prefer to sign up with a proxy email address.
reply
upvoteby thewebguyd4 hours ago|
parent|
next
[-]
At least with "Sign in with Apple" you can choose to give a random alias that forwards to your email. I do this for every single service I sign up for. Completely unique Email + password for everything.
reply
upvoteby ItsBob5 hours ago|
parent|
prev|
[-]
It's built into Android/iOS and an accepted way of logging into an app. The app store page (when it's released) shows exactly what I need: practically no information at all.

Google handle the payment and the subscription too (same with Apple) and that's a very common pattern too.

I understand the skepticism though.

reply