‹ Back
Deploy360 20 February 2017

Apple to mandate TLS in 2017

Kevin Meynell
By Kevin MeynellSenior Manager, Technical and Operational Engagement

One of the announcements at the last Apple Worldwide Developers’ Conference (WWDC16) was that Apple would require all apps in its App Store to support TLS 1.2. TLS is a protocol that encrypts data sent between applications over the Internet, and is therefore essential for ensuring that data being transmitted cannot be eavesdropped on.

The best known usage of TLS is in secure web browsing (using HTTPS) which can be visually checked using the padlock icon that appears in browsers when a secure session is established. Unfortunately, mobile apps are often less transparent about the security of their connections when they connect to a server, and it can be much harder to tell whether an app is using TLS.

Apple therefore introduced App Transport Security (ATS) in iOS 9, which forces apps to connect over a secure connection. Until now, it has been possible for apps to disable this so they can use non-TLS enabled services, but from some point in 2017 this will no longer be possible.

Apps were already supposed to have migrated to using ATS by 1 January this year, but with only 3% of the 200 most popular apps (including Facebook, LinkedIn and Skype) found to be fully compliant, Apple has announced an extension to this deadline. Nevertheless, if you’re an iOS app developer or operating services accessed by iOS apps, you need to be ensuring that you can support the ATS requirements over the coming months.

More Information:

Deploy360 also aims to help this process, so please take a look at our TLS section to understand why the use of TLS is important.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

MPTCP and TLS 1.3 - Big Announcements from Apple
Deploy36022 June 2017

MPTCP and TLS 1.3 – Big Announcements from Apple

Apple recently announced some major changes to their operating systems across all platforms during their flagship developer conference WWDC. The Worldwide...

Deploying TLS 1.3
Deploying TLS 1.3
Deploy36026 August 2018

Deploying TLS 1.3

Last week saw the formal publication of the TLS 1.3 specification as RFC 8446. It's been a long time coming...

Introducing A New Deploy360 Topic: TLS for Applications
Deploy36028 February 2014

Introducing A New Deploy360 Topic: TLS for Applications

How can we help make it easier for developers to learn how to add TLS (SSL) support to their applications?...

Join the conversation with Internet Society members around the world