Skip to main content

Apple tells developers all apps must connect securely to servers by January 1st, 2017

While Apple introduced its App Transport Security feature in iOS 9, which ensured that all connections between apps and servers must be encrypted, it wasn’t compulsory for developers to use it – and Google even helped them disable it.

All this will end on January 1st next year, reports TechCrunch, when Apple will require all apps to use HTTPS connections to servers to ensure that only encrypted data is transmitted …

At the end of 2016, Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store.

This is good news for app users, as there’s currently no real way to know whether an app uses HTTP or HTTPS for its comms. As of next year, we ought to be able to be confident that it is secure.

Even using HTTPS doesn’t guarantee complete security, however: a vulnerability in the protocol discovered last year left 1,500 apps vulnerable to man-in-the-middle attacks after developers failed to update to the latest version.

Graphic: icameroon.com

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear