At the WWDC in July 2016, Apple announced that its new security feature, App Transport Security (“ATS” – a technical standard improving user security and privacy by requiring apps to use secure network connections over HTTPS) would be mandatory by January 1, 2017. However, just a few weeks ago on December 21, Apple announced that it had extended this deadline for which apps on the App Store would be required to use ATS.
While the new deadline is still yet to be announced, you’re not doing yourself any favors by dragging your heels. Here’s why you need to act now to make sure your apps are compliant for the new mandate:
- ATS improves security and privacy by requiring apps to transfer data through secure connections over HTTPS. Online banks, e-commerce websites, and companies generally dealing with highly sensitive user data already employ similar protocols. Any company with mobile apps should be looking for this added security as well.
- ATS is currently enabled by default. While you have the option to disable it by inserting HTTPS exceptions in the code, enabling these exceptions could put end users at risk by circumventing recommended protections. Any exceptions will also trigger a review by Apple and ask you to provide “reasonable justifications” – which require detailed notes for all domains or keys for which you want exceptions.
- Most importantly, once the ATS deadline is reached, enabling these exceptions will no longer be an option – all apps must comply. Any apps that are not ATS-compliant risk being rejected from the App Store. Getting your web and mobile properties ready for these new security mandates could take some time, so get your developers working on them now.
While your development teams are undoubtedly busy prioritizing app functionality and release cycles, making sure your apps are ATS-compliant should not take a backseat. Instead of waiting for Apple to announce the new deadline, we strongly recommend you get ready for ATS now and keep your mobile apps secure.