Hacker News new | ask | show | jobs
by vladvasiliu 2174 days ago
I agree with the sibling in that defaults are powerful.

However, I've never built anything directly used "by the public", nor am I very familiar with how Apple Sign in works.

So I'm wondering, as the developer of a trustworthy app, what's the drawback in the user giving an obfuscated address?

Is it not possible for you to contact the user using this address? Does the user have to manually allow getting mail to this address or somehow jump through some hoops to read it?
1 comments
tigershark 2174 days ago
As explained in the article a lot of people use the iCloud mail for their apple account and they don’t check it because they use another provider main mail address. Furthermore if they contact them from their email for support they have no way to associate it with the mail registered in the system, so they can’t help them. If you ask me they seem both very valid points.
link
aflag 2174 days ago
Can't they just ask the user to open the app and send them some identifying number they can find in the ui?
link
thomaslord 2173 days ago
Not if they have no ability to reply to the user in the first place. The user may also be contacting support because they lost access to their account and not be able to access the identifying number.
link
aflag 2173 days ago
If the user emails them they can certainly reply. It's just a matter of showing their email somewhere. The ID can be shown before the user logs in. That would not be less secure then relying on the email to reset the password. If someone is able to access the user's unlocked phone, they probably can access their email account too.
link
vladvasiliu 2174 days ago
> if they contact them from their email for support they have no way to associate it with the mail registered in the system, so they can’t help them.

Thanks for the clarification, I didn't think of this scenario.

This looks like a pretty big problem, as I can imagine a situation where the user doesn't have access at all to the app and may not have kept the initial email with any identifying info.

Isn't there an easy way for the user to know which obfuscated address was used for which app?

link
morberg 2174 days ago
Do you have a number for “a lot of people”? I am very skeptical of this data point.

This email address is used for a lot of communication with Apple, e.g. receipts from App Store.

link
sam_goody 2174 days ago
Receipts from the app store go to my gmail account.

I bought my iMac on the Apple store, and the receipt was also sent to my personal account.

link