All iOS Apps Must Move to HTTPS Connections by the End of 2016, Apple Warns
Apple has revealed that apps on iOS will have to switch to an important security feature, App Transport Security, by the end of 2016. This means that iOS apps that communicate with a server will be more secure in the future once ATS becomes mandatory for all the apps.
iOS apps must switch to Apple's ATS security protocol
Apple debuted ATS with iOS 9, and the company is now moving to making the protocol a requirement for all the iOS apps. Apps will have to adopt this security protocol that is designed to offer secure communication between an app and its server. The protocol is on by default in iOS 9 and macOS 10.11, as Apple had suggested developers to use ATS "as soon as possible." But now, all the iOS apps in the App Store will have to switch to ATS before January 1, 2017, Apple shared the deadline at a security presentation at its Worldwide Developers Conference.
Apple has explained that the App Transport Security "prevents accidental disclosure" of users' personal information, along with providing "secure default behavior" for apps. The security protocol essentially forces an app to connect to web services over an HTTPS connection rather than HTTP. HTTPS keeps user data secure when it's in transit by encrypting it.
App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.
ATS was enabled by default in iOS 9, however, developers could still switch it off and allow their apps to send data over an unsecure HTTP connection. It is not a surprising step considering Apple's increased focus on privacy and user data security. This is an important decision as currently while it's easier for users to see if the site they are visiting is secure by spotting HTTPS in their browsers, mobile apps don't offer that level of transparency. Starting 2017, iOS users will have the security that the data transmitted between their apps and the servers stays on secured connections.