Apple sets Jan’17 deadline to enforce HTTPS connections for iOS apps by default


Yesterday at the annual Worldwide Developer Conference, Apple announced an important security deadline for all apps on the App Store to start using HTTPS as the default protocol for connecting to web services — January 2017.

App Transport Security or ATS is a feature debuted by Cupertino in the iOS 9 release. ATS is enabled by default and is aimed at improving the security connection between a user and third-party web services by enforcing HTTPS-based networking requests. An insecure HTTP-based connection request will thus fail.

However, app developers still have the option to flip the switch and disable the ATS and send app data over HTTP connections, but it would jeopardize the security of the users. Also ATS is not available on operating systems older than iOS 9.0 or OS X v10.11, so you need to update to browse the web securely.

The app developers have never been very transparent and forthcoming about the security of their applications, but Apple now wants to make sure that their user data is not exploited and sent over secure HTTPS-based network connections by the end of this year.

Security has become an important viewpoint for Internet services in today’s scenario, when cyber attacks are happening every other day and the data is being dumped on the deep web for anyone to exploit. Even the San Bernardino case has opened up Apple to accept stricter security policy reforms for its platform.

By the dawn of 2017, Apple will make it mandatory for app developers to submit apps compliant to the ATS norms to the App Store. And for those who’ve been wondering if they have some time to upgrade their apps and incorporate ATS into their apps, well you still have a good chunk of time to deploy the changes.

With this move, Apple is joining a larger mission to secure online data and prevent hijacking. The cybersecurity scenario is slowly transforming to accept the rapid growth in technology, as reported by Gartner. And if the online services do not accept the transformation soon, they would be a playground for cyber attacks by 2020.



Leave A Reply