iPhone-locked

While Apple introduced its App Transport Security feature in iOS 9, which ensured that all connections between apps and servers must be encrypted, it wasn’t compulsory for developers to use it – and Google even helped them disable it.

All this will end on January 1st next year, reports TechCrunch, when Apple will require all apps to use HTTPS connections to servers to ensure that only encrypted data is transmitted …

At the end of 2016, Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store.

This is good news for app users, as there’s currently no real way to know whether an app uses HTTP or HTTPS for its comms. As of next year, we ought to be able to be confident that it is secure.

Even using HTTPS doesn’t guarantee complete security, however: a vulnerability in the protocol discovered last year left 1,500 apps vulnerable to man-in-the-middle attacks after developers failed to update to the latest version.

Graphic: icameroon.com

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear