Apple forces additional security requirements on iOS apps

By

iPhone SE
Apple plans to make HTTPS mandatory for apps.
Photo: Ste Smith/Cult of Mac

Apple is finally dropping the ban hammer on HTTP.

As part of its overall efforts to increase security on iOS, Apple revealed to developers at WWDC that it will soon force all apps to use a secure HTTPS connection to access web service, so that users’ data stays encrypted while in transit.

The change is part of Apple’s plan to lockdown parts of iOS from hackers, the government and even itself, after battling the FBI and U.S. Department of Justice earlier this year over security and privacy. While some government officials have called for less encryption, Tim Cook and Apple have argued that the world needs more encryption because of the sheer amount of data that is available to attackers.

All developers that submit their apps to the App Store after Dec. 31, 2016 will be required to use Apple’s App Transport Security feature which forces an app to connect to web services with an HTTPS connection.

The change will mean iPhone and iPad users will be ensured that data such as credit card info, address, name and more will be secure from hackers and other eavesdroppers while moving from your device to the app’s web servers.

The feature has been turned on by default since iOS 9, but developers could opt-out and use an HTTP connection instead, which does not encrypt user’s data. Apple also introduced new security features as part of iOS 10, including end-to-end encryption for iMessages.

Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.