logo
logo

Apple starts clock on HTTPS app rule

avatar
Justin Cornell
img

"This means that by the end of 2016, when your apps communicate with server backends, they must do so using a secure TLS back-channel unless the data is bulk data such as media streaming, or data that is already encrypted," said Krstić.

Cupertino says that many developers are already using the security tools.

Designed to prevent attackers from intercepting data traffic, ATS ensures that all HTTP connections made by an app use the secure TLS 1.2 protocol to encrypt data while in transit.

Krstić listed ATS as a "best practice" for developers alongside other measures, such as Touch ID authentication and maintaining updated API code that third-party developers should use.

The Apple security engineer credits his company's security approach as the reason iOS malware is all but unheard of in comparison to nefarious software found on competing Android devices.

Those protections have also brought Apple criticism from government and law enforcement agencies, most notably earlier this year when Cupertino engaged in a standoff with the FBI over its refusal to help investigators crack the iPhone used by one of the San Bernardino shooters.

collect
0
avatar
Justin Cornell
guide
Zupyak is a free content platform for publishing and discovering stories, software and startups.