Apple gives iOS app developers more time to encrypt communications

The iOS App Transport Security (ATS) will not become a requirement on Jan. 1, as previously announced

Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.

The company had previously announced at its Worldwide Developers’ Conference in June that all apps submitted to the App Store will need support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline.

ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It's an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.

Even if ATS is enabled by default in iOS, on a technical level app developers can disable some of its features or can opt out of it entirely through various exception settings that ATS makes available.

A recent study performed by security firm Appthority on the top 200 apps present on iOS enterprise devices showed that 97 percent of them bypassed at least some ATS requirements and weakened the default and recommended configuration.

Apple planned to include ATS compliance as a requirement in its App Store review process starting next year and to require reasonable justifications for any exceptions. However, as the Appthority study showed, many developers are unprepared to fully enable ATS in their apps.

"At WWDC 2016 we announced that apps submitted to the App Store will be required to support ATS at the end of the year," Apple said in an announcement on its developer site Wednesday. "To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed."

There are many reasons why developers might not be ready or even able to encrypt all of their apps' traffic. For example, many apps integrate with third-party advertising, analytics and media hosting services and the adoption of HTTPS by those services is not something that app developers can control.

As of December 22, the 3 percent ATS readiness figure among iOS apps had grown to only 5 percent, the Appthority researchers said Thursday in a blog post. "We assume that Apple, too, realized that an unacceptably high number of apps would fail to meet the ATS deadline unless it was extended."

The researchers believe that even if Apple hasn't abandoned its plans for full ATS compliance, this is not something that can be achieved very soon, which is probably why a new deadline hasn't been announced yet.

"In light of this new development, we recommend that enterprises track the state of apps’ ATS compliance and consider alternatives to apps that access sensitive corporate data and don’t secure their network connections using ATS," they said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?