Deploy360 20 February 2017

Apple to mandate TLS in 2017

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

One of the announcements at the last Apple Worldwide Developers’ Conference (WWDC16) was that Apple would require all apps in its App Store to support TLS 1.2. TLS is a protocol that encrypts data sent between applications over the Internet, and is therefore essential for ensuring that data being transmitted cannot be eavesdropped on.

The best known usage of TLS is in secure web browsing (using HTTPS) which can be visually checked using the padlock icon that appears in browsers when a secure session is established. Unfortunately, mobile apps are often less transparent about the security of their connections when they connect to a server, and it can be much harder to tell whether an app is using TLS.

Apple therefore introduced App Transport Security (ATS) in iOS 9, which forces apps to connect over a secure connection. Until now, it has been possible for apps to disable this so they can use non-TLS enabled services, but from some point in 2017 this will no longer be possible.

Apps were already supposed to have migrated to using ATS by 1 January this year, but with only 3% of the 200 most popular apps (including Facebook, LinkedIn and Skype) found to be fully compliant, Apple has announced an extension to this deadline. Nevertheless, if you’re an iOS app developer or operating services accessed by iOS apps, you need to be ensuring that you can support the ATS requirements over the coming months.

More Information:

Deploy360 also aims to help this process, so please take a look at our TLS section to understand why the use of TLS is important.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...