Apple gives iOS app developers more time to encrypt communications
From PC World: Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.
The company had previously announced at its Worldwide Developers’ Conference in June that all apps submitted to the App Store will need support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline.
ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It's an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.
Even if ATS is enabled by default in iOS, on a technical level app developers can disable some of its features or can opt out of it entirely through various exception settings that ATS makes available.
A recent study performed by security firm Appthority on the top 200 apps present on iOS enterprise devices showed that 97 percent of them bypassed at least some ATS requirements and weakened the default and recommended configuration.
View: Article @ Source Site