Apple tells developers all apps must connect securely to servers by January 1st, 2017


While Apple introduced its App Transport Security feature in iOS 9, which ensured that all connections between apps and servers must be encrypted, it wasn’t compulsory for developers to use it – and Google even helped them disable it.

All this will end on January 1st next year, reports TechCrunch, when Apple will require all apps to use HTTPS connections to servers to ensure that only encrypted data is transmitted …

At the end of 2016, Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store.

This is good news for app users, as there’s currently no real way to know whether an app uses HTTP or HTTPS for its comms. As of next year, we ought to be able to be confident that it is secure.

Even using HTTPS doesn’t guarantee complete security, however: a vulnerability in the protocol discovered last year left 1,500 apps vulnerable to man-in-the-middle attacks after developers failed to update to the latest version.


FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:



iOS is Apple's mobile operating system that runs on iPhone and iPod touch. Historically, Apple releases a new iOS version once a year, the current version is iOS 13.


WWDC App Transport Security ATS

About the Author

Ben Lovejoy's favorite gear


Apple Watch Series 3