Apple to require HTTPS connections for iOS apps
Apple’s security presentation during the Worldwide Developers’ Conference, revealed the deadline for all apps in App Store. All apps in App Store are to switch on an important security feature called App Transport Security by January 1,2016.
During a WWDC presentation, Ivan Krstic (Apple’s Head of Security Engineering and architecture) said, “Today I’m proud to say that at the end of 2016, App Transport Security is becoming a requirement for App Store apps” He further said, ” This is going to provide a great deal of real security for our users and the communications that your apps have over the network”.
App Transport Service (APS) is a feature that Apple debuted in iOS9. When ATS is enabled, it forces an app to connect to web services over HTTPS rather than HTTP. This keep the user’s data secured while in transit by encrypting it.
The letter “S” in HTTPS stands for secure. It appears in browsers when logging into banking or email accounts. Mobile apps aren’t often transparent with users security of their web connections. It isn’t easy to tell if an app is connecting via HTTP or HTTPS. However, developers can still switch ATS off and allow their apps to send data over HTTP connection until the end of the year.
Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store at the end of the year. App developers who have been wondering can now rest as the deadline has been declared with the knowledge that security connections will be forced in all the apps on their iPhones and iPads.
Apple is joining a larger movement to secure data as it travels online. Whiles the secure portal is common on login pages, many websites use the plain old HTTP for most of their connections.