Apple will require HTTPS connections

Discussion in 'Buildbox General Discussion' started by AndyG, Jun 15, 2016.

Tags:
  1. AndyG

    AndyG Miniboss Boxer

    Joined:
    Sep 25, 2015
    Messages:
    1,100
    Likes Received:
    915
    Apple will require HTTPS connections for iOS apps by the end of 2016
    https://techcrunch.com/2016/06/14/a...-connections-for-ios-apps-by-the-end-of-2016/

    During a security presentation at Apple’s Worldwide Developers’ Conference, the company revealed the deadline for all apps in its App Store to switch on an important security feature called App Transport Security — January 1, 2017.

    App Transport Security, or ATS, is a feature that Apple debuted in iOS 9. When ATS is enabled, it forces an app to connect to web services over an HTTPS connection rather than HTTP, which keeps user data secure while in transit by encrypting it.

    The “S” in HTTPS helpfully stands for secure and you’ll often see it appear in your browser when logging into your banking or email accounts. But mobile apps often aren’t as transparent with users about the security of their web connections, and it can be hard to tell whether an app is connecting via HTTP or HTTPS.

    Enter ATS, which is enabled by default for iOS 9. However, developers can still switch ATS off and allow their apps to send data over an HTTP connection — until the end of this year, that is. (For technical crowd: ATS requires TLS v 1.2, with exceptions for already encrypted bulk data, like media streaming.)

    At the end of 2016, Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store. App developers who have been wondering when the hammer would drop on HTTP can rest a little easier now that they have a clear deadline, and users can relax with the knowledge that secure connections will be forced in all of the apps on their iPhones and iPads.

    In requiring developers to use HTTPS, Apple is joining a larger movement to secure data as it travels online. While the secure protocol is common on login pages, many websites still use plain old HTTP for most of their connections. That’s slowly changing as many sites make the arduous transition to HTTPS (Wired has been particularly good at documenting the process).
     
    AndyG, Jun 15, 2016
    #1
    trudnai and telerebor like this.
  2. trudnai

    trudnai Miniboss Boxer

    Joined:
    Sep 25, 2015
    Messages:
    1,235
    Likes Received:
    701
    Thanks for the headsup @AndyG, I will watch the videos later - but in the meanwhile, do you know if they require proper CA issued certificates or self signed one is accepted? Can you use Apple Developer website to create your SSL certs (same way as creating one for push notifications). I have more questions but lets just not throw all in one :)
     
    trudnai, Jun 17, 2016
    #2

Share This Page