Apple Extends Deadline for Developers to Use HTTPS Connections on iOS Apps
In a bid to increase the security of iOS apps, Apple had announced at WWDC 2016 that iOS app developers would need to switch to the App Transport Security (ATS) to ensure their apps only connected over the more HTTPS protocol from January 1, 2017. However, Apple now has extended the deadline to an unconfirmed date. Apple has assured that it will inform about the new deadlines as they get decided, but did not give a reason for a delay beyond giving more time for adoption.
Apple, in a post on its developer website, has mentioned that the company is giving more time to the developers to make the shift from HTTP to HTTPS for all of the apps submitted to the App Store. “App Transport Security (ATS), introduced in iOS 9 and OS X v10.11, improves user security and privacy by requiring apps to use secure network connections over HTTPS. At WWDC 2016 we announced that apps submitted to the App Store will be required to support ATS at the end of the year. To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed,” reads the Apple post.
To recall, Apple introduced the App Transport Security (ATS) in iOS 9 and OS X v10.11 to make a more secure connection between the apps and servers over HTTPS. Back then, it was not mandatory for the developers to make the switch, but at WWDC 2016, ATS became a mandatory feature for all apps. HTTPS connection uses the TLS v1.2 standard for online data transfer of private information like banking details, confidential emails etc.
After Apple’s ATS enforcement came into existence, Google, in a very unusual move, had released a workaround to disable HTTPS for its Google Mobile Ads SDK for iOS apps. Using those four lines, developers could disable ATS and continue serving advertisements in the apps. However, Google later explained its approach and laid emphasis on its commitment towards the secured HTTPS connectivity for iOS apps.