[ChrisMarshallNY]

That depends.

In the app we have released, we use an email (we don’t care which one, as long as it can receive email) as the login ID.

The main reason is to limit the data we require be stored on the server.

We only have one required PID item: the login ID. The user also enters a display name, but that can be anything, and does not need to be unique.

Since we need the email anyway, we would need to have it stored separately, so this means only one PID item is stored. We also afford Sign in with Apple, which allows the user to obfuscate their email.

Not having the information is the best way to ensure it doesn’t leak.

[antiframe]

Would it not be better to allow arbitrary login IDs? Then you don't even have to store email addresses?

[quitit]

It's not fully arbitrary, but one can make an Apple ID from any email address or phone number (i.e. you can use a hotmail address if you like), both approaches dodge the issue mentioned since they're not obviously apple accounts.

However the issue with using something like a gmail or hotmail account is that instead of targeting Apple's servers, they just target Google and Microsoft's instead.

[ChrisMarshallNY]

How would we send emails, then?

That's a requirement of the app, and why we need to store emails.