One of the backend improvements in iOS 9 is a strengthening of app security when accessing data from webservers. The new App Transport Security (ATS) feature ensures that only connections encrypted using HTTPS are permitted. There’s just one problem with that: not all advertisers use HTTPS, so ATS will stop some ads appearing in apps.
Google has responded by providing developers with five lines of code that allow them to disable ATS …
While Google remains committed to industry-wide adoption of HTTPS, there isn’t always full compliance on third party ad networks and custom creative code served via our systems. To ensure ads continue to serve on iOS9 devices for developers transitioning to HTTPS, the recommended short term fix is to add an exception that allows HTTP requests to succeed and non-secure content to load successfully.
Given that Google is a strong proponent of HTTPS, and has a stated commitment to using the protocol for ads as well as everything else, it’s perhaps not surprising that the company has come under flack for the move. Re/code says that some see it as prioritizing ad revenue over security.
Google updated its blog post to emphasize that it suggests this only as a last resort. It should also be noted that the code it has provided utilizes an exception capability provided by Apple itself, suggesting that Apple is of the same view: HTTPS connections are strongly preferred, but may not always be practical.
It’s not the first time iOS 9 has come into conflict with advertisers: the new version of Safari in iOS 9 also includes content blocking features that make it easier to block ads – a move that potentially threatens sites like this one that rely on ad revenue to pay the bills.
FTC: We use income earning auto affiliate links. More.
i wish Apple would allow installing AdBlock system-wide
And bankrupt every free site on the internet?
Yes
I don’t know why this got so many likes. Ads are a vital part of the internet and make the only income for most site owners. Would anyone really be willing to read this site for a monthly fee for example?
I agree with the others, ads have gotten too greedy with processing power of our devices. Site owners have gotten too greedy with the number of ads they push on a single screen. All of this ends up slowing down our devices which slows everything. Ads should be limited to simple graphic, no video should be or any other high processor/bandwidth features should be allowed.
Like evolution, the internet would find a way … Oh wait, it already has.
Nothing new, really. These lines of “code” was presented at WWDC2015 in June. However it is unlikely that Apple will approve apps with these override settings in times to come. TLS1.2 and PFS for the win!
They will always have to allow it because a specific set of apps like a web browser needs to be able to load non HTTPS websites.
Just redirect to the Safari browser and it will work fine. The restriction is for under the sheets in app http calls.
Typical Google spies. Allowing ads so they can spy on as many people as possible. GTFO Google!
So, in the name of security, here’s how to load non-secure content to your visitor’s browser.
Not to be picky but Apple showed how developers to do this when they made the announcement about HTTPS only at WWDC. This isn’t some secret that Google are telling people nor is it something that is forbidden by Apple.
Apple says “App Transport Security is a feature that improves the security of connections between an app and web services. The feature consists of default connection requirements that conform to best practices for secure connections. [B]Apps can override this default behavior and turn off transport security.[/B]” Then discusses it. Google is condensing what Apple themselves say.
Yep, as the piece says: “It should also be noted that the code it has provided utilizes an exception capability provided by Apple itself, suggesting that Apple is of the same view: HTTPS connections are strongly preferred, but may not always be practical.”
I’m sure EVERYONE inserting ads will just use this “as a last resort”…
“Given that Google is a strong proponent” of stealing and monetizing our User’s Data to the utmost degree.
What ever happened to the Google mantra of “Do No Evil?” Oh, that’s right they sold it for making Bazillions of $$$$ and selling everyone’s personal data.
Fawk Google – and Android, just because it’s a lying ripoff as well!
YMMV
Don’t be evil Google
surely if apple are implementing ad free, and this code over turns that, apple will simply ban these apps until the code is removed based on security…
I think we, the users, should have full choice or whether we want ads or not…
personally i don’t mind a few ads, ones that relate to the website that don’t distract…but as soon as they become pop-ups and i am having to close ads down, or they disrupt the layout and make it hard to read — then i become annoyed…
Then you’re sure to appreciate Google (Chrome) blocking those massively irritating flash ads beginning Monday.
The web should transition to a new bussiness model. We Hate Ads!
So basically, Apple gave developers this code, not Google! .. What a clickbait headline.
Ben – Look at the post’s title. Look at the comments below. Either a significant portion of the commenters didn’t read the full post, or couldn’t comprehend what they read. Regardless, the title sort of implies Google is nefariously “backdooring” Apple’s security. It feeds the flames for the ignorant and ill informed. I won’t say it’s bait, but it’s close.
It was indeed challenging to come up with a headline that summarised the story without misleading anyone. I think ‘disabled’ does it, but – as ever – people need to read the whole piece to ensure it’s understood.
It’s neither difficult nor expensive to use https, so what’s really going on with those ad purveyors who apparently are unwilling or incapable of using it?
Is it going to be your site’s policy to add a little “poor us” addendum to each post related to iOS 9 content blockers? I’ve seen it multiple times, and I’m sorry but its getting tiresome.
The fact is the web publishing industry has abused the trust of users with invasive ads and tracking, that slows sites down and eats up extra bits of data on mobile, costing the user time and money. Yes we know ads pay the bills, but there is also a better way to do them.
Think about this Ben. Do you feel bad when you skip an ad on TV? Do you think about how rates may go down because less people are watching those ads? Do you feel bad to use your DVR? Absolutely not. Why? Cause people hate ads if they can skip them!
Your site has written articles about the music industry, and how it needed to change and figure out new ways to exist in the time of streaming. I mean shit, we pay $9.99 for a month for nearly EVERY record put out. Doesn’t that sound insane? Do we think about the artists making less because people are buying less records? No, and I’m sure you don’t either when (if) you use Spotify or Apple Music.
You web publishers will have to figure out something new. That’s how it goes. Please quit crying about it on your site.
Any suggestions? That would more helpful than what you IMO somewhat arrogantly wrote.
Google has a program called Contributor where you as a user can pay some amount each month to avoid the majority of ads on member sites. Would you be willing to pay with actual dollars to visit and/or interact with sites like this? How much? If not, why not?
Are you willing to suffer a few ads to be able to visit here without paying? Do you have some other idea about how those website owners that spend a great deal of time and resources finding and delivering stories and information you think is valuable can be paid for their efforts? I do know that sites with paywalls aren’t one of my favorites and I doubt Google Contributor will be the answer.
While I agree that the advertising industry needs to throttle back some, are you familiar with the phrase “toss the baby out with the bathwater”? I think it’s an appropriate thing to keep in mind. Ads have been the backbone that made newspapers, TV and magazines possible. That small price you pay for a print publication doesn’t come close to covering the true costs of producing it, but even that seems to be too much for an increasing number of consumers who think they should not have to offer anything of value in return when someone gives them something they think has value.
First full disclosure. I block trackers through ghostery and certain ad types on some sites, while other sites that I frequent and am a regular visitor of I fully enable their ads. I go to about 12 sites regularly, and have all of their ads enabled. I have this site fully enabled currently.
I would be willing to pay a subscription if the collection of sites was large enough/good quality and was on a topic I liked. Maybe give subscribers certain benefits, like their comments being more visible, or special long form stories or video content just for subscribers.
Instead of a subscription fee, sites could do more sponsored posts. I’ve seen those on other sites, and I like them better because it feels a little more curated and vetted as a quality product than the sometimes random ads that appear through ad networks. Publishers should put themselves in the shoes of the site visitor, and truly think of what they would want their experience to be when they visit a site.
I don’t mind ads when they are done in a way that isn’t intrusive, or done in a way that, especially on mobile, isn’t set up to encourage accidental clicks. There is also a phrase “you reap what you sow.” The music industry went through this, and now its the publishing industries turn. And truth be told, it isn’t 100% a bad thing, its just different. Some sites may have to slim down their staff, or refocus their efforts in what kind of stories they publish, or some may take a new direction and be better for it. Sometimes when people are backed into a corner great things emerge.
And you’re right, my original comment came off as arrogant and pissy. Apologies!
I’m rather a poor case for the TV analogy as I don’t own one. :-) But I’m of course a web user, and intrusive ads annoy me as much as anyone else. I absolutely agree that all parties in this game have to up their game – in fact, I wrote an opinion piece saying just that: http://9to5mac.com/2015/06/26/ios-adblocker-ios-9-content-blocking/
“Google updated its blog post to emphasize that it suggests this only as a last resort” Developers do not understand the words “only as a last resort” if it gets their code done faster.
No one objects to add needed to pay the bills, but when they’re in the way if the content, taking up 40% or more of the screen, or downloading several MBs of video or blaring audio, that’s the kind of thing people want to block.
Come on, you know how easy it is to block ads on iOS? Simply remove the app from cellular data in Privacy settings, and disconnect from WiFi. Voila, no ads.
Ok, I don’t know how this works but I’ve searched an item on amazon and when I view this site, I see the items that I searched for between articles as an Ads. It worked the same way when search other online store items. How did that happened?
Apple should sue Google on this criminal offence
You of course must mean Apple should be sued. It’s their bypass not Google’s. It was even discussed at WWDC. Google is simply noting something to developers that Apple themselves provided.
So do you work for Google? Trying to justify a criminal offence.. Google is guilty and should be fined some billions dollars for this!
It’s a criminal offense that Apple allows developers to override App Transport Security? How so?
gatoryguy2: Jim Phong also thinks it was illegal for Disney to cancel Tron 3. His grasp on the law is tenuous and decidedly biased.
Your business plan isn’t my problem. Maybe you should explore other options?
Cannot wait for ad blocking. And Apple will allow for extensions, much like in Safari desktop. I enjoy mine…turn it on, and *POOF* bye-bye ads.
The arguments from people who seem to think that ads should be permitted… I pay for internet access. Why do I have to see your ad? Do you pay me back? Its my data usage that is impacted by your ads.