Google: Our new .app domain is first to bake in HTTPS to make browsing safer

Developers of games, business and education apps can now claim their own .app name from Google.
Written by Liam Tung, Contributing Writer

Google has announced the launch of its .app top-level domain (TLD), an internet domain it paid $25m for in 2015 after ICANN began auctioning new generic TLDs (gTLD) in 2012.

Developers and others who want a .app domain can register one through Google's Early Access Program from today until May 7, after which anyone from the public can register a name through any domain registrar.

Google sees the new domain as another avenue for iOS and Android developers to promote their apps beyond the confines of app stores. A .app site can be used as a landing page to share download links, keep users up to date, and deep link to in-app content.

Notably, this is the first TLD that enforces secure HTTPS connections by default using HSTS, or HTTP Strict Transport Security. HSTS preload lists are shared with major browsers, including Chrome, Safari, Firefox, Internet Explorer 11, Edge, and Opera.

Sites, subdomains and TLDs can be added to the preload list, ensuring that if a user types in the HTTP address of sites on the list they'll automatically be connected via the HTTPS version.

Normally, a site would need to request inclusion in the preload list. However, Google's TLD-wide HSTS means sites under the .app TLD won't have to do this.
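
The lookup described above, sketched as an added example (not code from Google or from any browser): a host is matched against the list label by label, so a single TLD entry covers every name beneath it. The list entries, `findPreloadEntry` and `upgradeIfPreloaded` are constructed for illustration.

```javascript
// Constructed sample entries; this is not the real browser preload list.
const PRELOAD = new Map([
  ["app", { includeSubdomains: true }],                // a whole TLD
  ["example.com", { includeSubdomains: true }],        // a site and its subdomains
  ["login.example.org", { includeSubdomains: false }], // one exact host only
]);

// Return the list entry name that covers `host`, or null if none does.
function findPreloadEntry(host, list = PRELOAD) {
  // Normalise case and drop a trailing root dot ("myapp.app." === "myapp.app").
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  // Walk from the full host up to the TLD, always on label boundaries,
  // so "myapp.application" or "notapp" never match the "app" entry.
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    const entry = list.get(candidate);
    // i === 0 is an exact match; a parent entry only applies
    // when it was listed with includeSubdomains.
    if (entry && (i === 0 || entry.includeSubdomains)) return candidate;
  }
  return null;
}

// Rewrite an http:// URL to https:// before any request is sent,
// which is what removes the first plaintext round trip.
function upgradeIfPreloaded(rawUrl, list = PRELOAD) {
  const url = new URL(rawUrl);
  if (url.protocol !== "http:") return url.href;   // already https, or not web
  if (!findPreloadEntry(url.hostname, list)) return url.href;
  url.protocol = "https:";
  return url.href;
}

// Constructed test addresses.
for (const u of [
  "http://myapp.app/download",
  "http://api.beta.myapp.app/",
  "http://www.login.example.org/",
  "http://myapp.application/",
]) {
  console.log(u, "->", upgradeIfPreloaded(u));
}
```

Because the upgrade happens inside the browser from a shipped list, a new .app site is covered on the very first visit, with no earlier HTTPS response needed to set the policy.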

Google has been a major advocate of HTTPS as the standard for web connections, encrypting communications in transit between clients and servers to prevent prying.

Google says .app's TLD-wide HSTS will help protect users against malicious ads, ISP tracking and privacy threats from using unsecured Wi-Fi networks.

"Because .app will be the first TLD with enforced security made available for general registration, it's helping move the web to an HTTPS-everywhere future in a big way," wrote Google's CIO, Ben Fried.

The .app TLD is one of several internet domains where Google plans to use HSTS and it is the fourth open TLD Google has launched.

Google notes there is an indefinite claims period in which trademark owners will receive notifications when their trademarks are registered as .app domains.
