Having the power to break or make technologies just by ignoring or supporting them completely allows Apple to have that industry weight since ages now. The demise of Flash happened after Apple’s refusal to adopt the same while HTML5 became a favorite in web usage soon after getting Apple’s support.
The Development of HTTPS
It was during Apple’s developer conference which was held a few days back in Cupertino, that this giant encouraged website and app encryption through HTTPS use by default. The iOS 9’s pre-release documentation quoted the company saying ‘If you are developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible.’
Moreover, a new privacy feature known as the App Transport Security or ATS is being used by Apple to change the mind of developers. ATS allows an app to add a declaration to its Info.plist file specifying the domains with which it requires secure communication. Being quite easy to adopt, it provides secure default behavior while also preventing disclosure by accident. Apple says that ATS should be adopted at the earliest regardless whether an iOS developer is updating an existing app or creating a brand new one.
This adoption of encryption is not being promoted by Apple alone. All federal websites are to be encrypted by the starting of 2017 as ordered by the White House. This order was passed a few days after the Syrian Electronic Army tried to allegedly hack into the US Army’s website, defacing it with messages like ‘Your commanders admit they are training the people they have sent you to die fighting.’
In order to enforce HTTPS connections to website developers in a simpler way, Microsoft has brought in a new feature called HTTP Strict Transport Security or HSTS in its new ‘Edge’ browser.
What does the future hold for HTTPS?
Center for Democracy and Technology’s staff technologist Greg Norcie was quoted saying ‘The writing is on the wall – HTTPS is the future, and those who have not adopted it need to develop a plan to do so before the decision is made for them, either by users who prefer a provider that respects the security of their personal data, or by regulators who may view failing to enable HTTPS as failing to adopt industry best practices.’
Apple is not yet making ATS use mandatory for the developers but as things are shaping up, it might just happen in the near future. It is only encouraging developers to use ATS in existing and new apps for now.