Wednesday, June 15, 2016

Apple to Require HTTPS

Earlier this week at a security presentation at WWDC, Apple announced that iOS apps have until January 1, 2017, to enable a security feature called App Transport Security.
ATS was first introduced with iOS 9, and it forces apps to use HTTPS connections rather than HTTP connections when connecting to the web. The more secure connection type authenticates connections and encrypts data transmissions, meaning data cannot be easily read if improperly accessed.
The feature is particularly important in banking and messaging apps, but soon ATS will be mandatory across all apps sold in the App Store.

Currently, ATS is opt-in, which allows apps to send unsecured data over the internet. Moving to HTTPS connections ties in with Apple's stance on privacy, best exemplified in its refusal to unlock an iPhone used by one of the shooters involved in the San Bernardino massacre.

No comments:

Post a Comment