Apple Ups the Encryption Ante: Don’t Get Left Behind
Written by Greg Norcie
Earlier this week, at the Apple Worldwide Developers Conference (WWDC), Apple announced a new iOS9 feature: App Transport Security. App Transport Security allows iOS app developers to ensure internet traffic flowing to and from an app is encrypted. Apple’s announcement goes on to state:
“If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible.”
Apple is joining the growing ranks of the encryption vanguard, alongside the World Wide Web Consortium, the Internet Engineering Task Force, the United States Federal Government, and soon Mozilla Firefox and Google Chrome. As CDT mentioned in our recent white paper, HTTPS is quickly becoming a best practice on the web, and organizations who fail to adopt it face lost revenue when customers migrate to more privacy respecting providers, as well as potential regulatory scrutiny in the event of a data breach.
HTTPS is the colloquial term for internet traffic traffic encrypted with the TLS protocol. HTTPS provides several benefits. By encrypting data in transit, HTTPS protects users’ communications from pervasive surveillance. HTTPS also reduces the risk of data breach by keeping criminals from scooping up personally identifiable information on the wire. Finally, HTTPS also helps users know the site they’re communicating with is authentic, and not a phishing attempt.
The writing is on the wall: HTTPS is the future, and those who have not adopted it need to develop a plan to do so – before the decision is made for them, either by users who prefer a provider that respects the security of their personal data, or by regulators who may view failing to enable HTTPS as failing to adopt industry best practices.