Skip to main content

App Transport Security

See All Stories

Popular apps with 18 million combined downloads in the App Store found vulnerable to silent data interception

app-store

After scanning through the binary codes of applications in the iOS App Store, Will Strafach’s verify.ly service has detected that 76 popular apps in the store are currently vulnerable to data interception. The interception is possible regardless if App Store developers are using App Transport Security or not. A few months ago, similar vulnerabilities were discovered with Experian and myFICO Mobile’s iOS apps.



Expand
Expanding
Close

Verify.ly service launches providing consumers with a security warning label for apps

app-store-ap

Consumers downloading apps from the App Store have to rely on Apple’s approval process for vetting insecure applications, and even then there isn’t a guarantee that Apple hasn’t missed something crucial. Just last year hundreds of apps in the App Store had been found to be using private APIs to collect private user data, a violation of the App Review Guidelines. The recently launched public beta test of Will Strafach’s Verify.ly service looks to provide a “warning label for apps” to everyday consumers.


Expand
Expanding
Close

Apple tells developers all apps must connect securely to servers by January 1st, 2017

iPhone-locked

While Apple introduced its App Transport Security feature in iOS 9, which ensured that all connections between apps and servers must be encrypted, it wasn’t compulsory for developers to use it – and Google even helped them disable it.

All this will end on January 1st next year, reports TechCrunch, when Apple will require all apps to use HTTPS connections to servers to ensure that only encrypted data is transmitted …



Expand
Expanding
Close