January 1, 2017
During a security presentation at Worldwide Developers’ Conference, Apple revealed the deadline for all apps in its App Store to switch on App Transport Security before January 1, 2017.
It is important for app publishers to note that this applies to all services they use
- mBaaS or Mobile backend as a service providers
- SaaS platforms for mobile app performance management, crash analysis, basic analytics,
- Push notification service providers,
- Growth Intelligence platforms for Contextual marketing and Growth Automation platforms
You will not be able to submit apps to the app store if your provider does not support HTTPS or TLS 1.2. Apps submitted before Jan 1, 2017 are expected to continue to work with HTTP.
Pyze Growth Intelligence® customers do not have to make any changes. Pyze has supported ATS since iOS 9 launched.
From the previous post
With iOS 9, a new security feature App Transport Security (ATS) is available to iOS apps and is automatically enabled when you link your app against the iOS 9.0 SDK or later. All connections from the app to internet resources using NSURLConnection, NSURLSession and CFURL are required to follow the ATS security requirements.When connections do not meet these requirement, they fail with an exception.From App Transport Security (developer.apple.com)
App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.
If you’re developing a new app, you should use HTTPS exclusively.If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn’t follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app’s
Also See: InfoPlistKeyReference (developer.apple.com)
Pyze uses https exclusively
Since Pyze only support https to send data from your app to the Pyze servers, you do not need to lax security in your app by disabling secure connections. If you are using other third party SDKs in your app, that make http connections, please check if the vendor has a version that honors ATS, before opening up non-https connections.