back to article Unexpected risks of using Apple ID: 'Sign in with Apple' will be blocked for Epic Games

Epic Games, which is currently in a tit-for-tat litigation spat with Apple regarding the in-app payment system on iOS, has warned its users that they will lose the ability to log into an Epic Games account via "Sign in with Apple" from tomorrow: 11 September. Any user with an Apple ID has been able to use it to sign into Epic …

  1. The Man Who Fell To Earth Silver badge
    FAIL

    Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

    Oh, the horror of the inconvenience!

    This is vastly more important than those pesky things people make stinks about like famine, genocide, and environmental devastation.

    1. tiggity Silver badge
      Happy

      Re: Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

      .. this is (primarily) an IT related news site.

      I go elsewhere for my 4 horsemen of the apocalypse style news

      1. The Man Who Fell To Earth Silver badge
        FAIL

        Re: Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

        Poor baby. Epic Games is only "IT" as much as the movie business is. And like the movie business & Sports business, it's primary business is actually Entertainment.

        1. Noodle

          Re: Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

          If you don't think designing and running a multi-player game infrastructure capable of hosting 10 million concurrent players qualifies them as a technology company then I'm not sure why you're reading this website. By that logic Uber and Tesla aren't technology companies either.

          1. Anonymous Coward
            Anonymous Coward

            Re: Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

            They aren't. Tesla make cars. Uber are a glorified mini cab firm.

            1. This post has been deleted by a moderator

    2. Wellyboot Silver badge

      Re: Users that they will lose the ability to log into an Epic Games account via "Sign in with Apple"

      To the users who may be about lose all access to several hundred $/£ worth of games expediture it may well be.

      I'll point out that it has been said many times here that using 3rd party 'anything' puts you at the whim of those third party companies.

      Apple dumping on it's users who happen to have an Epic account seems a very short sighed move.

      1. iron Silver badge

        Re: Users that they will lose the ability to log into an Epic Games account via "Sign in with Apple"

        Including the whim of a party who decide that the rules don't apply to them because they want more profit so proceed to screw their users over by picking a fight they can't win. The same party that thought the mess of console exclusives was too good a profit opportunity not to bring it to PC.

        Epic dump on all PC gamers, not just the ones who play their games. Supporting them is the short sighted move.

        1. DavCrav Silver badge

          Re: Users that they will lose the ability to log into an Epic Games account via "Sign in with Apple"

          "Including the whim of a party who decide that the rules don't apply to them because they want more profit so proceed to screw their users over by picking a fight they can't win."

          Sorry, are you talking about Epic or Apple?

          1. jelabarre59 Silver badge

            Re: Users that they will lose the ability to log into an Epic Games account via "Sign in with Apple"

            Sorry, are you talking about Epic or Apple?

            Yes.

      2. Anonymous Coward
        Anonymous Coward

        Re: Users that they will lose the ability to log into an Epic Games account via "Sign in with Apple"

        Nothing stops a user from linking an Epic ID to an Apple ID like just about every other account system that lets you use 3rd party credentials. Except a users stupidity. So while the Apple ID might be a convenience, the users didn't have to be locked out.

      3. karlkarl Silver badge

        Re: Users that they will lose the ability to log into an Epic Games account via "Sign in with Apple"

        This is where I normally would ramble on about the risks of DRM...

        But I have refrained (low battery on my laptop). You are a lucky person.

        1. Anonymous Coward
          Anonymous Coward

          Re: Users that they will lose the ability to log into an Epic Games account via "Sign in with Apple"

          Don't bother. Too many Epic Employees trolling this forum.

      4. gnasher729 Silver badge

        Re: Users that they will lose the ability to log into an Epic Games account via "Sign in with Apple"

        Apple cancelled its contract with Epic. Among all the things that Apples 30% commission pays for are services like login using AppleID. No pay, no play. All Epic’s fault.

    3. anothercynic Silver badge

      Re: Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

      This is an article about authentication and authorization technology (i.e. 'Sign in with Apple'). It is, given the short notice, a big problem for hundreds of thousands of users. *You* may not see the problem here, but I do (given how I worked on single-sign-on systems for the better part of a decade and know both the benefits and the pitfalls of them).

      If you choose to trust a third party with your login details, you better trust them to behave like adults and not get their users stuck in a petty p***ing contest. Apple is choosing not to behave like an adult (not that Epic covered themselves in glory either, but they're not the ones cutting off access to SIWA), and thus, this is an IT and legal issue. It's stupid, petty and will for some be the last straw to tell Apple where to stick their ecosystem and their hardware.

      I don't play games, so Apple GameCenter, Apple Arcade, Epic etc don't affect me, but then again I absolutely categorically choose to not put my eggs in the 'log in with a third party ID' basket either. I don't trust Google, Facebook, Microsoft or Apple with that... I'll stick to a password vault.

      1. Anonymous Coward
        Anonymous Coward

        Re: Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

        AppleID isn't a single sign on....

        1. anothercynic Silver badge

          Re: Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

          I didn't say that either. Read my original post again. CAREFULLY. Then tell me again when you lose access to your Apple ID and you can't log into anything anymore... and anything that supports SIWA despite not being an Apple service.

        2. Falmari

          Re: Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

          True but anothercynic never said it was. All he said was he had worked on single sign on.

          As AppleID will share many of the benefits and the pitfalls of single sign on, having worked on SSO anothercynic, will have a certain insight and views on this article.

      2. jelabarre59 Silver badge

        Re: Users will lose the ability to log into an Epic Games account via "Sign in with Apple"

        again I absolutely categorically choose to not put my eggs in the 'log in with a third party ID' basket either. I don't trust Google, Facebook, Microsoft or Apple with that... I'll stick to a password vault.

        Same here. The only occasions I will use a "Sign in with your MegaBlob ID" is if that sign-in specifically needs access to information/services from MegaBlob. Even at work, where they are using mail/services from MegaBlobCorp I will avoid selecting that, even though my email is handled through their services. I create a new account with whomever, and give it a unique password. No relying on a "single point of fuckup/fuck-you".

  2. tiggity Silver badge

    Bad decision

    Let Epic & Apple have their legal battles as much as they like.

    Revoking the Apple related login at ludicrously short notice is bad for customers.

    It mistakenly assumes

    People check their emails almost daily.

    People are in a position to check emails daily (e.g. someone on holiday, no access to their PC, shit reception so cannot get emails on their mobile)

    Everyone will regard the "IMPORTANT" screaming email as legit and not some dodgy fishing attempt.

    The Epic / Apple spat, should not be shafting customers - which this potentially can. Lets hope Epic put something in place so people who cannot change login method in time do not lose access (else I see legal action from customers flying toward Epic)

    Disclosure - not an Apple user, not played an Epic game for probably a decade, so no skin in this game, just peeved that paying customers treated like irrelevant collateral damage by a big company

    1. lglethal Silver badge
      Go

      Re: Bad decision

      I didnt actually see it completely spelled out in the article, but does anyone know if this Epic's decision to pull the Apple login? Or did Apple pull the login away from Epic?

      1. rtharrison

        Re: Bad decision

        RTFA!

        "Epic said in an update to users that: “Apple will no longer allow users to sign into Epic Games accounts using 'Sign In with Apple' as soon as September 11, 2020,” and urged its users to update the email address on their Epic account and to set an Epic Games password, so they will still be able to log in."

        Done from Apple's end.

        1. Tabor

          Re: Bad decision

          “Done from Apple's end.”

          Absolutely. But I can’t help but wonder : since when did Epic know about this ? Apple *requires* the option to use Apple ID for app on iOS that also offers other 3rd party authentication (FB, Google, MS). I don’t know if Apple ID sign in blocking is mentioned anywhere in the T&C’s of a developer account, but if it is Epic should have known when they knowingly breached those T&C’s.

          Either way I don’t really care who wins. Though we have a couple of bets running in my team, Apple seems to get the best odds so I put my 5 euros there. I expect the winners will be able to collect in a decade or two.

          1. parperback parper

            Re: Bad decision

            Yes, Apple uses its monopoly power not only to force you to use their payment services, but force you to use their identity services too.

            1. Anonymous Coward
              Anonymous Coward

              Re: Bad decision

              They force you to make it available as an option for identity services, not to exclusive usage. This is in the interest of the end user as well as Apple as there is more control over personal data usage, right down to the users real email address.

        2. gnasher729 Silver badge

          Re: Bad decision

          It's more like "Epic lost its developer account. So Apple isn't doing _anything_ for Epic right now. " Amongst other things, if _Epic_ asks Apple about "Sign in with Apple ID", they get a 403 access denied. Or is it 401? Or if Epic tries to send a push notification. That's one of many things Epic's 30% pays for.

      2. David 132 Silver badge
        Facepalm

        Re: Bad decision

        It’s the latter. Neither company has covered itself with glory in this whole saga, but this latest development is Apple being rather petty.

        They might have shot themselves in the foot here; technically they’re entitled to withdraw AppleID support from any party with whom they’re in legal dispute, but it’s not going to reassure all the other companies/sites that use the service.

        What next Apple, a patch for Safari so that it will refuse to load the Epic Games homepage?

        1. gnasher729 Silver badge

          Re: Bad decision

          There is being in dispute, and there is being in court proceedings, that the other side had long planned. Epic was in deliberate and well planned violation of their developer agreement. They intentionally hid their changes so they were not detectable during a review. As a result, Apple is refusing to have any business relationship with Epic.

      3. gnasher729 Silver badge

        Re: Bad decision

        It was Epic’s decision to breach their contract with Apple in the most egregious way. Right now Apple is actually accusing Epic of theft. As a consequence Apple stopped any services It provides for Epic.

    2. Lee D Silver badge

      Re: Bad decision

      I regard this the same as the Amazon Prime Video / Google Chromecast spat.

      You guys sort it out. All I know is that I have Prime Video, and Chromecast hardware. I'm not going to buy a Firestick to stream my videos, nor am I going to rebuy them on Google Play Movies.

      If you don't want to work together, fine. I'll literally choose one or find an alternative to you both and then even when you "fix" the "problem" (of your own making), then I'll not return to whatever ones I decided to turn off.

      You play your petty tit-for-tat (i.e. you couldn't buy a Chromecast via Amazon for a while, I don't know if you still can?). As a customer, I'll adjust my purchasing accordingly - especially as regards your interoperability with other services that I use. And at least one, and maybe both, of you will lose out on my custom in the future.

  3. overunder Silver badge

    Screw them both, but I did notice this...

    - "...Bhavuk Jain landed a $100,000 payday earlier this year after he reported a critical flaw in Apple’s sign-in system"

    O.K., this might sound like "greedy me", but companies need to pay these bug hunters A SHIT TON MORE. I bet it will cost Apple more to disable this stupid login.

    This reminds me of the early days of NBA, NFL, etc. when players were paid pittance for their time (and in this case physical health). What is really stark is that this is one of the highest valued US companies paying what...?

  4. Andy The Hat Silver badge

    Am I missing something?

    How does

    "Never reuse passwords"

    square with

    "It can be more secure to use one or two identity providers run by top technology companies, rather than using separate logins for every internet service"?

    Just getting ready to use my Facebook password to log into my bank account ...

    1. Dinanziame Bronze badge
      Boffin

      Re: Am I missing something?

      Never reuse your passwords: Because if you use a password to log in at shitty-security.com and they get hacked, or dodgy-site.com and they sell it, or even att.com and they tell it to whoever on the phone claims to be you, then people can use your password to log into your bank account. When you reuse passwords, all your accounts are only as secure as the least secure of them all.

      If you use an identity provider, then any website you use that is hacked, dodgy or incompetent can at most reveal: "This guy's email address is xxx@gmail.com", and that doesn't let anybody log into your bank account. This of course assumes that the identity provider itself, whether facebook, apple or google, in not hacked, dodgy or incompetent.

      1. Andy The Hat Silver badge

        Re: Am I missing something?

        "This of course assumes that the identity provider itself, whether facebook, apple or google, in not hacked, dodgy or incompetent."

        Which was basically my point. Person A grabs my FB signin (though we all know that FB accounts are never ever hacked ...) and away the naughty person goes ... Instead of having access to one site they've now got credentials for 10 or 20 ...

      2. Anonymous Coward
        Anonymous Coward

        Re: Am I missing something?

        With Sign in with Apple it may not even reveal the persons real email address, but a private one Apple setup per site that automatically forwards to the real one.

  5. gnasher729 Silver badge

    Why is this happening?

    The problem is that Epic didn't just manage to get Fortnite removed from the App Store, but they got their developer account removed. So anything related to Epic will stop working. I suppose to login with AppleID, these third party apps call an Epic server for help, and Apple doesn't talk to any Epic servers anymore. Well, it is a bit messed up.

    The third party apps can probably fix this by doing login with AppleID on their own servers, under their own developer accounts.

    1. DS999

      Re: Why is this happening?

      What "third party apps" are you talking about? Epic licenses its Unreal Engine to third party developers, but this change won't affect their ability to sign in with Apple. It only affects apps developed by Epic itself.

      Originally Apple was talking about making changes that would have affected games using Unreal Engine, but they wisely backed off from that as bringing innocent third parties into this quagmire is not in anyone's interest.

      1. parperback parper

        Re: Why is this happening?

        They didn't wisely do anything. They were ordered to back off by a judge.

  6. Pascal Monett Silver badge
    Thumb Down

    How very petty

    I have no idea if there is an underlying technical issue with this move, but Apple targeting Epic Games alone makes me think two things :

    1) Apple is being extremely petty, on top of being unreasonable, inconsistent and a complete control freak

    2) I would love to see how Apple justifies that in court

    If there is a technical issue around the security of logging in with an Apple ID, then Apple should be cutting off that functionality for everything, not just for Epic Games.

    It looks like Apple is on its way to becoming the Trump of the IT industry.

    1. doublelayer Silver badge

      Re: How very petty

      There is no technical issue. Since Epic violated the agreement, Apple is cutting off all the services they used to provide to Epic. Some of that is going to affect Epic's customers. Apple knows that and accepted the consequences. Epic knew this would happen to them and affect their customers. They chose to take that risk. Who you blame for the pain to the customers is your choice. I can't even bother to make up my mind anymore.

  7. doublelayer Silver badge

    More secure? Only maybe

    "It can be more secure to use one or two identity providers run by top technology companies, rather than using separate logins for every internet service, since the likes of Google and Apple are likely to run more secure systems."

    That is true, which is why it's so important not to reuse passwords. However, while your password is likely more secure when the big four are the only people who have it, here are some other things that can happen:

    Privacy nightmare: Any time you want to log in to something, your provider knows where, when, and how. Including things they have nothing to do with. Do you trust them to have that information? If they ever do get hacked, all your information is neatly stored in one place.

    Companies can take it down for you: If they feel like it, the authorization providers can cut off your account or the ability for places you use to use that sign in. In the former case, you lose the ability to log into anything. In the latter, just the specific place (that's this article). Either way, your access could be disabled by someone who isn't the place you're interacting with.

    Single point of failure: If the service you're using has a technical issue, or your ISP or theirs has an issue, you could lose access to all your SSO abilities even though you don't have any problem accessing the thing you'd like to log into.

    Openness to breach: If your account isn't well-protected, for instance because someone offered you the option to log in with another party but served you a spoofed page which you didn't catch, they could be able to log into other services as you. While all four of these companies offer multi-factor authentication and it's usually well-implemented, that doesn't mean that everyone has that turned on and configured securely. If they don't, this could be a lot like reusing a password.

    Compare this with a password manager, and in each case the password manager will win. Use one.

    1. DS999

      Re: More secure? Only maybe

      It should still be more secure even if you don't reuse passwords. If I have logins with 50 different sites, with 50 different passwords, odds are much higher that one of those sites will get hacked. Maybe I'm overly optimistic, but I assume companies like Apple, Google, Facebook et al that run these federated ID services have more resources to keep their data secure than a small site like say The Register - who I doubt would have a single full time IT security guy versus the armies the big dogs can muster.

      Sure, it would be very bad if one of them was compromised but AFAIK there's never been a report of one of those federated ID services being compromised and having passwords extracted. Not saying it isn't possible, just (hopefully) unlikely. And even if it were, there isn't anything important protected by it. People aren't using "login with Facebook" to access their bank or brokerage. If their Fortnite account was hacked, they might be upset but it would hardly mean a big financial toll.

      1. doublelayer Silver badge

        Re: More secure? Only maybe

        I'm afraid I don't agree on either point. A site can get hacked in a variety of ways, including in a way that allows someone to provide a password and impersonate a user. Just because they originally didn't do so doesn't make the site any more secure unless the site requires third-party sign-in. If the site does require it, it can still be hacked in such a way that the information available to a user is stolen.

        On the subject of nothing important being connected to such accounts, you might be surprised. You're correct (I really hope) that no banks or email providers let people do this. However, places which do have this option include places which process payments, collect names, addresses, and phone numbers, enable access to potentially-sensitive documents, or can be used to impersonate someone. A lot can be done with access to lower-level accounts.

    2. MachDiamond Silver badge

      Re: More secure? Only maybe

      Doublelayer,

      Well said. It's also easier to work with customer service of the company you are having login issues with directly. A friend of mine almost lost his domain name because a person he had a falling out with held the password and was no longer reachable. We were able to convince the registrar to transfer the name to my friend (a blues singer and the domain name was his name) and let him pay the registration to keep it from expiring. It's always the best course to deal directly with vendors and not through a third party. The whole point of "sign in with...." is tracking and advertising. All the participants get to share in the data that's derived. Companies such as Apple, Google and Facebook get to build an even more comprehensive database on people via the services they use and how often they use them.

  8. This post has been deleted by its author

    1. eldakka Silver badge

      Re: If you are older than 15 and still playing computer games...

      If you are older than 15 and still playing computer games...

      ...then you seriously need to grow up. End of.

      Tell that to the people who make millions of dollars a year through e-sports, that is, playing computer games.

  9. Anonymous Coward
    Anonymous Coward

    Epic are criminals, when they disappear of the planet no one will care.

    1. jelabarre59 Silver badge

      Actually, I would like to see Roblox fall off the face of the earth (preferably in a head-first crash into the sun).

  10. neilfs

    What would you call it?

    It may not match the exact measure of what you define genuine single sign-on to be (what measure does it fall short on?), but for most users they have a single identity which allows them to sign-on to many different services, for those this is a single sign-on solution.

  11. Facts-are-Facts

    Free ride

    Epic games want a free ride on Apple's back and Apple said no.

    Now the poor baby is crying.

    1. Falmari

      Re: Free ride

      “Epic games want a free ride on Apple's back”

      What free ride? Epic wrote the software not Apple. All Apple did is put restrictions in Epic’s way:-

      1. Must purchase a dev account.

      2. Must use specific dev tools and languages.

      3. Can only be installed through Apple’s app store.

      Then Apple want 30% of any revenue generated, who wants a free ride?

      But Apple created the IPhone and IOS, is that is what you meant by free ride? Surely not Apple has already been paid for the IPhone and IOS. Why should IPhone owners have to pay another 30% on the purchase price of software they wish to run to Apple.

      Epic develop for other platforms that don’t require a dev account or have to use specific tools and languages. The software can be installed in multiple ways even through Epic’s own store. Microsoft allow this on Windows. So, Microsoft must be giving all those developers big and small a free ride on Windows. I never knew Microsoft was such a benevolent company.

      Also for Fortnite Epic allow cross platform purchasing which must also break Apples rules. From their website:-

      Q: Do I still have access to all my items and progress on all other platforms?

      A: Yes. As long as you’ve linked your platform account(s) to your Epic Games account, all purchased content is present and all progress is recorded across all supported platforms.

      It seems to me, Epic are not looking for a free ride any more than Apple, both are looking to maximise their profits. It will be all down to who needs who most. At first glance it looks like Epic need Apple more software companies need platforms to develop for. But if other large Development Houses look to follow Epic then it maybe Apple. A platform without developers will not remain a platform for long.

      And no I don't own an IPhone or Fortnite (not sure I even own an Epic game).

      1. MachDiamond Silver badge

        Re: Free ride

        Epic agreed to the terms and instead of negotiating with Apple for better terms at the next contract renewal, they explicitly breached the contract. Epic knew that they were doing this as they had all of their lawyers in a row to file suits when Apple caught them.

        If Epic had told Apple that if they didn't get better terms, they'd make Fortnite Android only (and told Google the same sort of thing), Apple might have looked at the ledger and decided to make some adjustments if it made sense. 30% sounds like a really big cut, but for small transactions, it's not. If the cost for the transaction is $.20, a $1 buy only brings in $.10 or 10%. If the average buy is $50, the cost per transaction of $.20 is lost in the weeds. This is just pulling numbers out of thin air, but illustrates where the numbers are more important than the percentages. Other times the percentages are more important than the numbers.

        1. Falmari

          Re: Free ride

          I am not commenting on the rights and wrongs of what Epic did and the contract. I am replying to the post that Epic wants a free ride. Stating in my opinion that is not Epic looking looking for a free ride but Apple expecting 30% of revenue generated from software written for the IPhone.

  12. Beeblebrox

    Maybe using those convenient options to sign in is not such a good idea after all.

    But by not using one of these convenient options one limits the ability of Apple/Google/Facebook etc to use one's data.

    If I don't use this to sign in to Epic, are they going to know how often I use the Epic platform? Will I miss out on some targeted ads?

  13. mankymanningBS

    So it turned out Epic made it up

    ...and Apple's statement before this was they weren't planning on ever doing it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020