This article is more than 1 year old

Unexpected risks of using Apple ID: 'Sign in with Apple' will be blocked for Epic Games

Games dev pleads with users to set up a password before they get locked out

Updated Epic Games, which is currently in a tit-for-tat litigation spat with Apple regarding the in-app payment system on iOS, has warned its users that they will lose the ability to log into an Epic Games account via "Sign in with Apple" from tomorrow: 11 September.

Any user with an Apple ID has been able to use it to sign into Epic Games, but Apple will shortly block this from working.

Any user with an Apple ID has been able to use it to sign into Epic Games, but Apple will shortly block this from working

The ability to sign with Apple is not directly connected to running an Epic game on Mac or iOS. Rather, it is an option for a user to use their Apple ID as an identity for Epic Games as a third-party site. This can be convenient for users as it means they have one less password to keep track of. The same identity service is offered by Google, Facebook, Microsoft and others. It can be more secure to use one or two identity providers run by top technology companies, rather than using separate logins for every internet service, since the likes of Google and Apple are likely to run more secure systems.

Epic said in an update to users that: “Apple will no longer allow users to sign into Epic Games accounts using 'Sign In with Apple' as soon as September 11, 2020,” and urged its users to update the email address on their Epic account and to set an Epic Games password, so they will still be able to log in.

Apple touts “Sign in with Apple” as fast and easy, but does not mention the risk of lockout if it has a disagreement with the third-party.

Apple touts “Sign in with Apple” as fast and easy, but does not mention the risk of lockout if it has a disagreement with the third-party

A bug in the code

Get rich quick! Work from home! Earn $100,000 easy – just find a critical flaw in Apple's sign-in system

READ MORE

Some users may not do this in time, particularly if for some reason they missed an email from Epic entitled “IMPORTANT! Epic Games account update required for continued access.” The fact that Epic is requiring users to “update your email address with Epic Games” suggests that in some cases the email address held by the company could be wrong or missing. The email is critical as it includes a verification code that enables Epic to recover the account manually in case users do not respond in time. In the worst case, it seems plausible that users could lose access to their Epic Games account, more than inconvenient for those with a big investment in time and/or money.

Apple encourages users to “Sign with Apple”, claiming it is “fast and easy”, as well as respecting privacy. The ability to hide your email address is touted as one of its good features. However, The Reg missed the bit that says "If we have a dispute with the company you might get locked out."

It is a considerable escalation from simply blocking applications from running on iOS.

That said, bug-hunter Bhavuk Jain landed a $100,000 payday earlier this year after he reported a critical flaw in Apple’s sign-in system, potentially allowing an exploit that accesses all the user's accounts – from sites like Dropbox and Spotify to Airbnb.

Maybe using those convenient options to sign in with Apple, Google or Facebook is not such a good idea after all. ®

Updated to add

Epic now says it has got an "indefinite extension" from the iGiant, and its games on iOS won't lose their Sign in with Apple feature.

More about

TIP US OFF

Send us news


Other stories you might like