Although Apple has extended the deadline for ATS switchover, it is highly recommended app developers and publishers use services that support ATS.

Pyze Growth Intelligence® customers do not have to make any changes.  Pyze has supported ATS since iOS 9 launched.  Pyze uses HTTPS exclusively.

Here is the Apple post, extending the ATS deadline.

Supporting App Transport Security

December 21, 2016

App Transport Security (ATS), introduced in iOS 9 and OS X v10.11, improves user security and privacy by requiring apps to use secure network connections over HTTPS. At WWDC 2016 we announced that apps submitted to the App Store will be required to support ATS at the end of the year. To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed.


From previous Pyze blog posts

Here is the Pyze original blog post about ATS, repeated below.


During a security presentation at Worldwide Developers’ Conference, Apple revealed the deadline for all apps in its App Store to switch on App Transport Security before January 1, 2017. {Update: It has not been extended}

Scope

It is important for app publishers to note that this applies to all services they use

  • mBaaS or Mobile backend as a service providers
  • SaaS platforms for mobile app performance management, crash analysis, basic analytics,
  • Push notification service providers,
  • Growth Intelligence platforms for Contextual marketing and Growth Automation platforms

You will not be able to submit apps to the app store if your provider does not support HTTPS or TLS 1.2.  Apps submitted before Jan 1, 2017 are expected to continue to work with HTTP.

Pyze Growth Intelligence® customers do not have to make any changes.  Pyze has supported ATS since iOS 9 launched.

With iOS 9, a new security feature App Transport Security (ATS) is available to iOS apps and is automatically  enabled when you link your app against the iOS 9.0 SDK or later.  All connections from the app to internet resources using  NSURLConnectionNSURLSession and CFURL are required to follow the ATS security requirements.When connections do not meet these requirement, they fail with an exception.From App Transport Security (developer.apple.com)

padlock-icon

App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.

If you’re developing a new app, you should use HTTPS exclusively.If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn’t follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app’s Info.plist file.

Also See: InfoPlistKeyReference (developer.apple.com)

Pyze uses https exclusively

Since Pyze only support https to send data from your app to the Pyze servers, you do not need to lax security in your app by disabling secure connections.  If you are using other third party SDKs in your app, that make http connections, please check if the vendor has a version that honors ATS, before opening up non-https connections.

See ATSTLSNSURLConnectionNSURLSessionCFURLHTTPS (HTTP Over TLS)

PyzeAdvisory

Posted by Dickey Singh

Dickey Singh is the CEO and co-founder at Pyze and has over two decades of experience in mobile, Big Data and SaaS. He started Pyze to help app publishers engage, retain and grow their mobile users using automation. https://twitter.com/DickeySingh Get Pyze: https://pyze.com