Apple extends developer deadline for mandatory App Transport Security support
Apple has given app developers more time to turn on App Transport Security (ATS) after originally insisting that software submitted to the App Store utilize the feature by the beginning of 2017.
According to a brief note posted on the Apple developer website on Wednesday, ATS, first introduced in iOS 9 and OS X v10.11, will now not become mandatory for apps to support by the 1 January 2017.
Instead, Apple has decided to give developers "additional time to prepare" for the switch and so has extended the original deadline.
ATS is a feature of Apple's iOS and OS X operating systems which ensure that applications do not load resources over HTTP connections, which are not secure and may be eavesdropped on by attackers. Instead, ATS requires that resources are loaded through HTTPS, a secure communication protocol often used by other services including online banks and e-commerce websites which encrypts data through Transport Layer Security Layer (TLS).
Back in June at the Apple Worldwide Developers Conference (WWDC), the tech giant revealed that the security feature would become non-negotiable by January 1, 2017.
Currently, ATS is enabled by default but app developers do have the option of disabling the feature.
"It [ATS] improves privacy and data integrity by ensuring your app's network connections employ only industry-standard protocols and ciphers without known weaknesses," Apple states in the firm's ATS developer notes. "This helps instil user trust that your app does not accidentally leak transmitted data to malicious parties."
While developers can still create exceptions to the rule and do not have to implement ATS for every transfer, the company recommends that HTTPS should be used exclusively to protect user privacy and data.