Apple extends developer deadline for mandatory App Transport Security support

Apple has backtracked on demands for all App Store app developers to use secure network connections by the beginning of 2017.
Written by Charlie Osborne, Contributing Writer
Roy Zipstein | Apple

Apple has given app developers more time to turn on App Transport Security (ATS) after originally insisting that software submitted to the App Store utilize the feature by the beginning of 2017.

According to a brief note posted on the Apple developer website on Wednesday, ATS, first introduced in iOS 9 and OS X v10.11, will now not become mandatory for apps to support by the 1 January 2017.

Instead, Apple has decided to give developers "additional time to prepare" for the switch and so has extended the original deadline.

ATS is a feature of Apple's iOS and OS X operating systems which ensure that applications do not load resources over HTTP connections, which are not secure and may be eavesdropped on by attackers. Instead, ATS requires that resources are loaded through HTTPS, a secure communication protocol often used by other services including online banks and e-commerce websites which encrypts data through Transport Layer Security Layer (TLS).

Back in June at the Apple Worldwide Developers Conference (WWDC), the tech giant revealed that the security feature would become non-negotiable by January 1, 2017.

Currently, ATS is enabled by default but app developers do have the option of disabling the feature.

"It [ATS] improves privacy and data integrity by ensuring your app's network connections employ only industry-standard protocols and ciphers without known weaknesses," Apple states in the firm's ATS developer notes. "This helps instil user trust that your app does not accidentally leak transmitted data to malicious parties."

While developers can still create exceptions to the rule and do not have to implement ATS for every transfer, the company recommends that HTTPS should be used exclusively to protect user privacy and data.

In 2015, Google faced criticism after bringing the spotlight onto methods to create exceptions for apps to connect to insecure domains -- for the sake of advertising -- despite ATS. While Apple already provided the way to do so in the developer notes, Google was accused of placing advertising above what could be construed as user privacy and interests.

No new deadline has been set for developers to utilize ATS, but the iPad and iPhone maker has promised an update when a new date has been confirmed.

2016 Holiday gift guide: Top tech, gadgets to give this season

Editorial standards