WWDC 2016: Apple to require HTTPS encryption on all iOS apps by 2017
Apple’s war for encryption continued at the 2016 WWDC event in San Francisco. On Wednesday, during a security presentation at the event, Apple announced that it will require all iOS apps to use HTTPS connections by January 1, 2017.
The announcement, originally reported by TechCrunch, deals with a feature called App Transport Security (ATS), which was originally unveiled in iOS 9. Apple will require all apps to enforce ATS, which will force the connections to HTTPS instead of HTTP.
For those unfamiliar, HTTPS is simply the secure version of HTTP (Hypertext Transfer Protocol), the protocol for data communication online. While your web browser typically displays HTTPS in the URL field, it can be more difficult to tell if a mobile app is using it.
Currently, Apple recommends that iOS apps use ATS, but it isn’t required. By making the use of ATS, and thus encrypted web traffic through HTTPS, Apple is strengthening its stand for privacy that it garnered headlines for when it refused to unlock an iPhone for the FBI.
So, if you’re an iOS developer, you have until the end of the year to enable ATS for your app. However, it hasn’t been clear yet what the repercussions will be for developers who don’t comply.
Encryption has been a big theme all around for this year’s WWDC. During the keynote address, Apple executives noted the company’s dedication to differential privacy and end-to-end encryption.
Encryption was also one of the core focuses of another recent Apple announcement, the Apple File System (APFS). Created to replace the aging HFS+, the APFS is focused on working with SSD storage and treats “encryption as a primary feature,” with three different encryption options.
In the post-Snowden era, questions about personal privacy routinely top the charts of customer concerns. With its continued focus on encryption, Apple could positioning itself as one of the few vendors that tries to protect user data by default, in hopes of holding onto its success in the mobile market.
The 3 big takeaways for TechRepublic readers
- Apple will require that all iOS apps use HTTPS connections before 2017, increasing security and privacy for mobile users.
- The requirement comes through the enabling of ATS (App Transport Security), an iOS 9 feature that is currently not mandatory.
- Apple forcing the use of ATS/HTTPS marks a definitive shift in the company’s battle for encryption, and could win them an audience with the privacy-conscious.
Source | TechRepublic