Thursday, 18 June 2015

iOS 9 developers should "exclusively" use HTTPS

Apple has a lot of industry weight and can make or break technologies simply through putting their support behind them or ignoring altogether. As an example, their refusal to adopt Flash has quickened its inevitable demise, whilst their support of HTML5 has caused an uptick in usage across the web. 

During the Cupertino-based giant's developer conference last week, Apple encouraged the encryption of all websites and apps through the use of HTTPS by default. 
In the pre-release documentation for iOS 9, the company wrote: "If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible." 
Apple is using a new privacy feature called App Transport Security to sway developers: “App Transport Security (ATS) lets an app add a declaration to its Info.plist file that specifies the domains with which it needs secure communication. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.” 
It's not just Apple which is promoting the adoption of encryption. The White House has ordered all federal websites to be encrypted by the beginning of 2017 - just days after an alleged hack by the Syrian Electronic Army into the US Army's website that defaced it with messages such as: "Your commanders admit they are training the people they have sent you to die fighting." 
Microsoft is making it simple for website developers to enforce HTTPS connections to their site in its new 'Edge' browser through a new feature known as HSTS (HTTP Strict Transport Security.) 
Greg Norcie, staff technologist with the Center for Democracy and Technology, said: “The writing is on the wall - HTTPS is the future, and those who have not adopted it need to develop a plan to do so before the decision is made for them, either by users who prefer a provider that respects the security of their personal data, or by regulators who may view failing to enable HTTPS as failing to adopt industry best practices." 
Do you think Apple should force developers to "exclusively" use HTTPS? Let us know in the comments.

No comments:

Post a comment

Note: only a member of this blog may post a comment.

Popular Posts