App developers not ready for iOS transport security requirements

App developers not ready for iOS transport security requirements

A month before Apple is expected to enforce stricter security requirements for app communications in iOS, enterprise developers don’t seem ready to embrace them, a new study shows.

The study was performed by security firm Appthority on the most common 200 apps installed on iOS devices in enterprise environments. The researchers looked at how well these apps conform to Apple’s App Transport Security (ATS) requirements.

ATS was first introduced and was enabled by default in iOS 9. It forces all apps to communicate with Internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections and ensures that only industry-standard encryption protocols and ciphers without known weaknesses are used. For example, SSL version 3 is not allowed and neither is the RC4 stream cipher, due to known vulnerabilities.

To read this article in full or to leave a comment, please click here

Source: Security

0Shares

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.