Apple’s annual WWDC (Worldwide Developers Conference) has just shut its doors for 2015. In San Francisco, Apple developers (iOS, OS X) flocked to hear the conference to hear about Apple’s upcoming features in Apps and Software development.

Apple App Transport Security - iOS 9

On iOS Developer Library – Pre-Release platform, Apple have announced the new features of iOS 9, and the most important feature is iOS 9’s security update called App Transport Security (ATS).

What is App Transport Security?

ATS is a feature which requires an app to communicate with its related external servers over HTTPS. This is done via a declaration in its Info.plist file. ATS will be a major increase in security for Apple developers & users as it will prevent apps from accidental disclosure and offers secure environments.

ATS is similar to HSTS (HTTP Strict Transport Security). It is essentially a way to enforce HTTPS and entirely abandon HTTP so that all data transferred is encrypted and authenticated.

If you are developing a new Apple Application then you need to add this feature and if you are an existing app developer you need to start supporting ATS feature in your App.

The ATS feature will also be introduced to the newest version of OS X (OS X 10.11).

Why Apple is serious about adding ALS in iOS & OS X

Today hackers & cybercriminals are monitoring user’s activity by installing malware, adware, ransomware, etc… in their devices; These makes the device vulnerable & attackers can take control of it; they can breach user’s personal & financial information, call logs, SMS data, images, videos, important documents, etc… Researchers find a major vulnerability behind these attacks is lack of security in applications. Securing applications with schemes such as ATS is the only solution to fight back against these attacks.

Frederic Jacobs, researchers & iOS developer, tweeted about the intelligent privacy features in iOS 9.

He also said, ‘Apple may reject an application which is not secured with HTTPS’. Apple has not yet declared when it will be mandatory to support ATS, but it will be mandatory for all apps to use ATS.

Apple has shown they care about the security of its user’s data and information. Their latest effort has reinforced to end their support for HTTP in the upcoming version of their operating systems, iOS (iOS 9) & OS X (OS X 10.11), and to deprecate un-encrypted content.

As ATS will become a mandatory feature in the iOS 9 & OS X 10.11, Apple encourages all developers to migrate from HTTP to HTTPS ASAP.


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.