Apple mandates App Store apps support ATS security protocol by 2017

article thumbnail

In an announcement at a Worldwide Developers Conference session on Tuesday, Apple said apps submitted to its various App Stores will be required to use the App Transport Security standard by the end of 2016, a decision that underscores the company's dedication to customer privacy.

Introduced as part of iOS 9, ATS transfers app data over HTTPS connections instead of HTTP, thereby reducing the potential of user exposure to nefarious code or data theft. Starting Jan. 1, 2017, all new apps and app updates submitted to the App Store will need to support the protocol, reports TechCrunch.

ATS is turned on by default in Apple's development tools, though developers currently have the option to deactivate the security feature if they so choose.

Apple's upcoming deadline mirrors a wider industry shift toward HTTPS-based connections. Banks and internet service providers dealing with highly sensitive user data were among the first to deploy HTTPS solutions, and an increasing number of companies have since adopted similar safeguards. Device manufacturers marketing bespoke operating systems, like Apple's iOS and Mac, have followed suit.

ATS found itself at the center of a small controversy last year when Google publicly disclosed a technique of sidestepping the iOS security protocol with just a few lines of code.

Google discovered that ATS was blocking ads from displaying correctly in certain mobile apps, which presented an obvious threat to its lucrative advertising business. In response, the internet search giant posted a "short term fix" to its Ads Developers Blog proposing developers inject HTTPS exceptions into their apps. By allowing non-secure HTTP requests to succeed, these exceptions inherently put users at risk.

In any case, developers looking to sell their wares on Apple's App Stores will have no choice but to comply with ATS guidelines come January.

 

Latest News