January 1, 2017

During a security presentation at Worldwide Developers’ Conference, Apple revealed the deadline for all apps in its App Store to switch on App Transport Security before January 1, 2017.


It is important for app publishers to note that this applies to all services they use

  • mBaaS or Mobile backend as a service providers
  • SaaS platforms for mobile app performance management, crash analysis, basic analytics,
  • Push notification service providers,
  • Growth Intelligence platforms for Contextual marketing and Growth Automation platforms

You will not be able to submit apps to the app store if your provider does not support HTTPS or TLS 1.2.  Apps submitted before Jan 1, 2017 are expected to continue to work with HTTP.

Pyze Growth Intelligence® customers do not have to make any changes.  Pyze has supported ATS since iOS 9 launched.

From the previous post

With iOS 9, a new security feature App Transport Security (ATS) is available to iOS apps and is automatically  enabled when you link your app against the iOS 9.0 SDK or later.  All connections from the app to internet resources using  NSURLConnectionNSURLSession and CFURL are required to follow the ATS security requirements.When connections do not meet these requirement, they fail with an exception.From App Transport Security (developer.apple.com)


App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.

If you’re developing a new app, you should use HTTPS exclusively.If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn’t follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app’s Info.plist file.

Also See: InfoPlistKeyReference (developer.apple.com)

Pyze uses https exclusively

Since Pyze only support https to send data from your app to the Pyze servers, you do not need to lax security in your app by disabling secure connections.  If you are using other third party SDKs in your app, that make http connections, please check if the vendor has a version that honors ATS, before opening up non-https connections.


Posted by Dickey Singh

Dickey Singh is the CEO and co-founder at Pyze and has over two decades of experience in mobile, Big Data and SaaS. He started Pyze to help app publishers engage, retain and grow their mobile users using automation. https://twitter.com/DickeySingh Get Pyze: https://pyze.com