Moving forward, apps on iOS that communicate with a server will be more secure, as Apple is making its App Transport Security (ATS) feature mandatory.
By the end of 2016, apps submitted to the App Store will need to adopt the protocol, which secures communication between an app and its server.
Ahead of the announcement in a session at WWDC, Apple only suggested that developers use ATS as soon as possible. It’s on by default in iOS 9 and macOS (OS X?) 10.11.
Apple notes ATS “prevents accidental disclosure” of personal information, and “provides secure default behavior” for apps.
New: All apps will need to enforce App Transport Security by end of 2016 to submit to App Store! #WWDC2016
— joshOS (@joshavant) June 14, 2016
It’s something developers should have seen coming, really. Apple’s increased dedication to privacy birthed this feature, and it hasn’t let up on its position at any point.
It also makes sense for those with subscription apps who want to host content on their own servers. By forcing the hand of developers who may have lazily overlooked ATS, Apple is making sure what’s transmitted is entirely secure.
ATS’ current language states apps can access insecure domains, but Apple requires that they be detailed in the Info.plist documentation for each app.