Appthority, the enterprise MDM company, has shown that 97% of apps fail Apple’s new mandate for iOS mobile app security testing. With only three% of iOS apps compliant with the App Transport Security standard from Apple and the date for compliance coming nearer, a lot of iOS developers will be working over the holiday season to improve their iOS app security.
Appthority surveyed the global top 200 iOS apps used on enterprise phones to work out how many had taken measures to meet the App Transport Security requirement and the number which had a lot of work to do
Robbie Forkish, VP Engineering, said, “Although Apple’s ATS encryption requirements go into effect in just a few weeks, Appthority researchers found that the majority of apps in the enterprise don’t completely utilize the best practices encryption standard, which should be a concern to enterprises.”
He went on to say, “The new ATS mandate only applies to new submissions to the App Store, and Apple will be allowing exceptions to ATS, so while the requirement should strengthen data security, there will still be iOS apps not using data encryption in enterprise environments, even after Jan. 1. For this reason, it’s incredibly important that businesses have visibility into, and management of, the risks related to apps with these exceptions, as they can put enterprise data at risk.”
The survey showed that ATS was not enabled for all networks on 83% of apps whereas 26% apps had domains set up in way that contradicted ATS. In addition, 55% of apps allowed using HTTP instead of HTTPS. Appthority says that existing apps without proper ATS will not be pulled from the App Store. Still, new apps and releases for current apps will require mandatory compliance to ATS.
Apple’s approach to iOS mobile app security testing shows the need to secure data online with a lot of websites still using HTTP to secure their connections and will support the near universal opinion that iOS is the most secure mobile operating system. To see more on the new App Transport Security requirements please look at our earlier piece on this topic.
Codified Security is here to help make your mobile app secure whether it’s for iOS mobile app security testing, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.