Table of Contents
https everywhere Apple will require HTTPS connections for iOS apps by the end of 2016
Beginning January 1, 2017, Apple is requiring all apps to secure connections via HTTPS and certain other security requirements. https everywhere These new requirements are called App Transport Security, or ATS. For more information, see TechCruch and/or Apple Developer https everywhere
At least in the near term, Apple is expected to allow apps already approved in the App Store to remain there without being updated. However, as of Jan. 1 all new and revised apps submitted to Apple for approval will need to be ATS-compliant. https everywhere To be ATS-Complaint, a sites must use HTTPS. Sites using HTTP will not be in compliance with ATS requirements. (So far, Google is not enforcing the HTTPS requirement for Android apps) https everywhere
For any sites still using HTTP, we strongly recommend you upgrade to HTTPS as soon as possible. Upgrading your site to HTTPS is not difficult and your hosting provider may be able to help you with this. Security certificates are required for each of such sites, and this too can be obtained through your hosting company or elsewhere. https everywhere
While updating to HTTPS can be a bit of work, the use of HTTPS will help ensure a safer internet for everyone. https everywhere
Toward the end of 2016, Apple will make ATS obligatory for all engineers who would like to present their applications to the App Store. Application engineers who have been pondering when the sledge would drop on HTTP can rest somewhat simpler now that they have a reasonable due date, and clients can unwind with the information that safe associations will be constrained in the majority of the applications on their iPhones and iPads. >In obliging engineers to utilize HTTPS, Apple is joining a bigger development to secure information as it voyages on the web. While the safe convention is normal on login pages, numerous sites still utilize plain old HTTP for the vast majority of their associations. That is gradually changing the same number of destinations make the laborious move to HTTPS (Wired has been especially great at reporting the procedure).