iOS 9 developers should "exclusively" use HTTPS

(Image Credit: iStockPhoto/Geebshot)

Apple has a lot of industry weight and can make or break technologies simply through putting their support behind them or ignoring altogether. As an example, their refusal to adopt Flash has quickened its inevitable demise, whilst their support of HTML5 has caused an uptick in usage across the web. 

During the Cupertino-based giant's developer conference last week, Apple encouraged the encryption of all websites and apps through the use of HTTPS by default. 

In the pre-release documentation for iOS 9, the company wrote: "If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible." 

Apple is using a new privacy feature called App Transport Security to sway developers: “App Transport Security (ATS) lets an app add a declaration to its Info.plist file that specifies the domains with which it needs secure communication. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.” 

It's not just Apple which is promoting the adoption of encryption. The White House has ordered all federal websites to be encrypted by the beginning of 2017 - just days after an alleged hack by the Syrian Electronic Army into the US Army's website that defaced it with messages such as: "Your commanders admit they are training the people they have sent you to die fighting." 

Microsoft is making it simple for website developers to enforce HTTPS connections to their site in its new 'Edge' browser through a new feature known as HSTS (HTTP Strict Transport Security.) 

Greg Norcie, staff technologist with the Center for Democracy and Technology, said: “The writing is on the wall - HTTPS is the future, and those who have not adopted it need to develop a plan to do so before the decision is made for them, either by users who prefer a provider that respects the security of their personal data, or by regulators who may view failing to enable HTTPS as failing to adopt industry best practices." 

Do you think Apple should force developers to "exclusively" use HTTPS? Let us know in the comments.

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.

SusanDiaz
16 Jun 2015, 9:50 a.m.

Apple is using a new privacy feature called App Transport Security to sway developers: “App Transport Security (ATS) lets an app add a declaration to its Info.plist file that specifies the domains with which it needs secure communication. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.”

http://www.agileinfoways.com/technical-expertise/mobile-applications-development/iphone/

However Apple’s new initiative in iOS 9 is likely to have a big impact by virtue of the number of app developers who depend on it.

Reply

MatthewEyraud
18 Jun 2015, 6:55 p.m.

Forgive me if this question seems naive: Is there any argument against using HTTPS for someone who is starting? I understand that migrating an existing project has costs and challenges, that's not what I'm asking. How much "harder" or costly would it be to use HTTPS vs. HTTP?

Reply

Motti Shneor
23 Jul 2015, 8:31 p.m.

But the web is not all "HTTPS". Many web services employ other protocols, and proprietary protocols, which aren't even categorized by Microsoft and Apple.

Most Enterprise-grade solutions don't go the mainstream Web-Server-Web-Client route, but have variations of this, to maintain their high-performance high-bandwidth connections.

What about the security of these?

Reply