> Yeah, the service will essentially be a man in the middle on the account, and I believe it will be very important to communicate that with users.
No, it will be very important not to do it, because you are knowingly busting security open on Apple IDs with your service and think that educating users is the best way to mitigate that. We all know most of your users won't know any better. The better way to mitigate it is to not accept Apple IDs in the first place.
If you launch that service, I would feel obligated to tip off the iCloud folks that you're knowingly compromising Apple IDs. That isn't because I want to see you fail, but because you are compromising Apple IDs and your users are caught in the middle.
This is an idea you should let go. I know that sucks to hear.
I generally hate posts that are just a +1 to something, but I feel your point is important enough that it needs echoing. I as well will do the same as you if I see a service like this.
No, it will be very important not to do it, because you are knowingly busting security open on Apple IDs with your service and think that educating users is the best way to mitigate that. We all know most of your users won't know any better. The better way to mitigate it is to not accept Apple IDs in the first place.
If you launch that service, I would feel obligated to tip off the iCloud folks that you're knowingly compromising Apple IDs. That isn't because I want to see you fail, but because you are compromising Apple IDs and your users are caught in the middle.
This is an idea you should let go. I know that sucks to hear.