On December 21st 2016 Apple announced a change to its iOS app security plans with the extension of its App Transport Security. The deadline was set as January 1st 2017 for all iOS developers to use App Transport Security when submitting their new apps or updates to the App Store. The App Transport Security is a standard introduced for iOS app security in iOS 9 and OS X 10.11. It improves the privacy and security of users by requiring apps to operate on secure network connections over HTTPS.
According to an official statement on their website for Developer News, Apple declared that it is giving more time to developers to prepare for ATS .
The App Transport Security was introduced to improve iOS app security in 2015 as a method to force apps to transfer all data in a secure way. Other protocols similar to this have already been running in internet service provider companies, banks and other organizations that deal with sensitive user data.
The App Transport Security feature is currently enabled by default in the development toolset. However, it has not been made mandatory yet and developers may disable the feature. It was declared during the Worldwide Developers Conference in 2016 that the feature would be enforced as a compulsory measure from January 1st2017.
A minor controversy was sparked with the introduction of ATS in 2015 when Google publicly announced its technique of bypassing the network security protocol. Google realized that ATS was hindering ads from being displayed in some mobile apps so it made public a bypassing technique as a short term fix by inserting an HTTPS exception in affected links.
To read more about on the new App Transport Security requirements please look at our pieces on how enterprise apps had failed this requirement.
Codified Security is here to help make your mobile app secure whether it’s for iOS app security testing, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.