Reg comments15

Apple drops requirement for apps to use HTTPS by 2017

Deadline for App Transport Security adoption delayed until time of Cupertino's choosing

Apple

One of the initiatives Apple trumpeted at its 2016 WorldWide Developer Conference was a requirement for all iOS and OS X apps in its Store to use adopt App Transport Security as of December 31st 2016.

App Transport Security (ATS) arrived in 2015 iOS and OS X in 2015, in Apple's own words, “improves privacy and data integrity by ensuring your app’s network connections employ only industry-standard protocols and ciphers without known weaknesses.” Which in practical terms means apps have to use HTTPS.

While ATS was switched on by default in Apple's operating systems, it wasn't widely adopted. Hence the deadline revealed at Apple's developer gabfest.

But Cupertino has now, in a brief note to developers, announced that “To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed.”

Apple's not saying why it's giving developers extra time. The Register suspects it's because not many developers got around to implementing ATS. And with the iOS and OS X app stores containing many hundreds of thousands of apps, Apple was probably keen to avoid a New Year's Day OutrageStorm™ if it was forced to remove non-compliant apps.

The notice is so brief that it does not raise the possibility of just when Apple might set a new deadline.

Between now and whenever Apple gets around to doing so, perhaps it is worth trying to figure out which apps you use have bothered to adopt ATS? If the industry runs true to form some bank out there won't have bothered. ®

Sign up to our Newsletter

Get IT in your inbox daily

Biting the hand that feeds IT © 1998–2017