Apple gives iOS app developers more time to encrypt communications
Security

Apple gives iOS app developers more time to encrypt communications

Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.

The company had previously announced at its Worldwide Developers’ Conference in June that all apps submitted to the App Store will need support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline.

ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It's an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.

Even if ATS is enabled by default in iOS, on a technical level app developers can disable some of its features or can opt out of it entirely through various exception settings that ATS makes available.

A recent study performed by security firm Appthority on the top 200 apps present on iOS enterprise devices showed that 97 percent of them bypassed at least some ATS requirements and weakened the default and recommended configuration.

Apple planned to include ATS compliance as a requirement in its App Store review process starting next year and to require reasonable justifications for any exceptions. However, as the Appthority study showed, many developers are unprepared to fully enable ATS in their apps.

"At WWDC 2016 we announced that apps submitted to the App Store will be required to support ATS at the end of the year," Apple said in an announcement on its developer site Wednesday. "To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed."

There are many reasons why developers might not be ready or even able to encrypt all of their apps' traffic. For example, many apps integrate with third-party advertising, analytics and media hosting services and the adoption of HTTPS by those services is not something that app developers can control.

As of December 22, the 3 percent ATS readiness figure among iOS apps had grown to only 5 percent, the Appthority researchers said Thursday in a blog post. "We assume that Apple, too, realized that an unacceptably high number of apps would fail to meet the ATS deadline unless it was extended."

The researchers believe that even if Apple hasn't abandoned its plans for full ATS compliance, this is not something that can be achieved very soon, which is probably why a new deadline hasn't been announced yet.

"In light of this new development, we recommend that enterprises track the state of apps’ ATS compliance and consider alternatives to apps that access sensitive corporate data and don’t secure their network connections using ATS," they said.

IDG Insider

PREVIOUS ARTICLE

«Firefox's ready to supercharge browser speed with major multi-process push

NEXT ARTICLE

Neonode AirBar review: Transform your plain-Jane display into a 'touchscreen,' for just $69»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Recommended for You

silhouette

Everything you need to know about… Tech Careers

IDG Connect tackles the tech stories that matter to you

kathryn-cave

Blockchain For Dummies: What you really need to know

Kathryn Cave looks at the big trends in global tech

martin-veitch-thumbnail

What we know and don’t know about digital transformation

Martin Veitch's inside track on today’s tech trends

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should companies have Bitcoins on hand in preparation for a Ransomware attack?