While Apple introduced its App Transport Security feature in iOS 9, which ensured that all connections between apps and servers must be encrypted, it wasn’t compulsory for developers to use it – and Google even helped them disable it.
All this will end on January 1st next year, reports TechCrunch, when Apple will require all apps to use HTTPS connections to servers to ensure that only encrypted data is transmitted …
At the end of 2016, Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store.
This is good news for app users, as there’s currently no real way to know whether an app uses HTTP or HTTPS for its comms. As of next year, we ought to be able to be confident that it is secure.
Even using HTTPS doesn’t guarantee complete security, however: a vulnerability in the protocol discovered last year left 1,500 apps vulnerable to man-in-the-middle attacks after developers failed to update to the latest version.