It's also likely that 99% of users have no reason to share their email with you. Also, your app is extremely untrustworthy. It sounds like a random app you find by searching for key words. You're not Microsoft or Google, you have no reputation or credibility. They have no relationship with you, they don't know you, they likely have never interacted with your company before this.

If I need an email to verify I'm not a bot, that's fine. But if a trusted 3rd party can verify I'm not a bot, then the only reason you would want my email is to do something unethical with it: namely, use my data in a way that I never intended gave you permission to use it.

Being default probably helps, because most people don't know they're doing with software and just accept the defaults assuming they're best practices. If the default were to share the email, you might see more people sharing email, but I would argue it's because people don't know they can and should obfuscate it.

This is anecdotal but if I could chose not to share my email with things I sign up for, I wouldn’t have a gmail address used solely for signing up to things. I can’t think of a single thing that I’ve ever signed up for that I actually wanted to have my email.

So sure, it’s default, but unless I’m unique some people will see the default and go “why isn’t every 3rd party login like that?”.

My recollection is the first time I used Sign In With Apple it forced me to choose (no default), and after that it defaulted to my last choice.

I expect 99% are obfuscating because that’s the sensible choice to make. Giving an app my real email should only be done if there’s an explicit need for this, such as being able to log in from non-Apple devices.

I agree with the sibling in that defaults are powerful.

However, I've never built anything directly used "by the public", nor am I very familiar with how Apple Sign in works.

So I'm wondering, as the developer of a trustworthy app, what's the drawback in the user giving an obfuscated address?

Is it not possible for you to contact the user using this address? Does the user have to manually allow getting mail to this address or somehow jump through some hoops to read it?

Why do you need my email address? I wouldn't give it to you just so you can have bad database security and then have my email dumped somewhere.

Why is it a problem for you?

Most likely. Never underestimate the power of defaults

>My app isn’t untrustworthy at all either.

That's up to the user to decide. For me trustworthy = something like Basecamp, Amazon, etc, not some random small app.

Yes i obfuscate by default but as a user it’s also not immediately apparent to me that this would cause unintended side-effects. It’s really up to both the app developer and Apple to enable good user experience by designing around human behavior, rather than trusting the user can always make those decisions.

I choose to obfuscate because I don't want every app I download to have my email address.

"My app isn’t untrustworthy at all either. It’s an experimental ..."

There is a big contradiction in there...

Everything experimental is by definition untrustworthy.

I can have an ongoing relationship with an app without that app’s developer having an ongoing relationship with my inbox.

Your primary iCloud email address is meant to just be your main email address, including non-Apple email addresses.

They tie it to whatever your Apple ID primary email is. This is only your iCloud email if you've deliberately made one, which isn't the default.