Developers and others who want a .app domain can register them through Google's Early Access Program from today until May 7, after which anyone from the public can register a name through any domain registrar.
Google sees the new domain as another avenue for iOS and Android developers to promote their apps beyond the confines of app stores, which can be used as a landing page to share download links, keep users up to date, and deep link to in-app content.
Notably, this is the first TLD that enforces secure HTTPS connections by default using HSTS or HTTPS Strict Transport Security. HSTS preload lists that are shared with major browsers, including Chrome, Safari, Firefox, Internet Explorer 11, Edge, and Opera.
Sites, subdomains and TLDs can be added to the preload list, ensuring that if a user types in the HTTP address of sites on the list they'll automatically be connected via the HTTPS version.
Normally, a site would need to request inclusion in the preload list. However, Google's TLD-wide HSTS means sites under the .app TLD won't have to do this.
Google has been a major advocate of HTTPS as the standard for web connections, to encrypt communications in transit to prevent prying between clients and servers.
Google says .app's TLD-wide HSTS will help protect users against malicious ads, ISP tracking and privacy threats from using unsecured Wi-Fi networks.
"Because .app will be the first TLD with enforced security made available for general registration, it's helping move the web to an HTTPS-everywhere future in a big way," wrote Google's CIO, Ben Fried.
The .app TLD is one of several internet domains where Google plans to use HSTS and it is the fourth open TLD Google has launched.
Google notes there is an indefinite claims period in which trademark owners will receive notifications when their trademarks are registered as .app domains.
Previous and related coverage
Google closes a loophole that allowed uncertified devices to skip its compatibility tests.
ICANN, the group in charge of the Domain Name System, is in a deadlock with the European Union's General Data Protection Regulation over the WHOIS database and that means there's internet trouble ahead.
The controversy affects over 23,000 certificate and website owners -- and threatens to undermine trust in the certificate issuing industry.
The latest version of the protocol for HTTPS secure connections gets green light from the IETF.
The platform's link security infrastructure now includes HSTS preloading.
You no longer have a choice about locking down your website. Google will mark all non-HTTPS sites as insecure this July. It's time to lock your site down, and Let's Encrypt gives you a free and easy way to do it.