Friday 17 March 2017

The App Transport Security Deadline Gets Pushed Back by Apple

During the Worldwide Developers’ Conference in June last year, Apple had announced that all apps on the App Store would have to comply with the App Transport Security (ATS) safety protocol by Jan 2017. It was implied that apps that didn’t comply would no longer be featured on the store. Recently, Apple reversed its decision and extended the deadline for ATS compliance indefinitely – giving developers worldwide room to breathe. 

However, ATS hasn’t gone away completely. Apple will attempt to bring back the feature shortly, as safety and data privacy become increasing causes for concern – most apps are nowhere near as secure as they should be.  

What is ATS? 

The App Transport Security is a feature that was implemented by Apple with the release of iOS 9. It gets apps to communicate with servers through the HTTPS (HTTP over SSL/TLS) protocol, which is one of the most secure protocols in existence and tough for hackers to crack. Before ATS, developers used third-party frameworks for HTTPS. 

The problem was (or is) that third-party frameworks don’t always use industry-standard encryptions and cyphers to protect communications. With ATS, Apple was hoping to make the security on most applications airtight. 

Iphone app development

Why did Apple backtrack on its decision?

Of the top 200 apps on the iOS store, only about 5% of them are fully ATS compliant. Many have bypassed one or more standards, making them weak or ineffective when it comes to communications security. Apple couldn’t possibly throw out most of its top grossing apps, which is why they pushed back the implementation deadline indefinitely. 

Why are developers so reluctant to encrypt their communications traffic? While HTTPs encryption isn’t hard to implement, the problem is that many applications are integrated with third-party advertisers, hosts, and analytics tools that don't support the future. 

Developers have no way of making these necessary core extensions of the app HTTPS compliant. Until everyone doesn't adopt the standard, it won't work. It's a job that could take a handful of years. 

What will happen in the future?

 We don’t expect ATS to go away, as cases of data privacy breaches and theft continue to rise. If you own a smartphone application that doesn’t comply with the feature, Openwave’s iphone app development team can be hired to upgrade your app at an affordable price.

No comments:

Post a Comment