In June 2016, Apple announced that App Transport Security (ATS) will become a requirement for new App Store apps from 1 January 2017.
ATS, which was introduced in iOS 9, forces an app to connect to web services over an HTTPS connection rather than HTTP to keep data secure while in transit by encrypting it.
“Appthority researchers found that the majority of apps in the enterprise don’t fully utilize the best practices encryption standard, which should be a concern to enterprises,” said Robbie Forkish, vice-president of engineering at Appthority.
“The new ATS mandate only applies to new submissions to the App Store, and Apple will be allowing exceptions to ATS, so, while the requirement should strengthen data security, there will still be iOS apps not using data encryption in enterprise environments, even after 1 January 2017.
“For this reason, it’s incredibly important that businesses have visibility into, and management of, the risks related to apps with these exceptions, as they can put enterprise data at risk,” he said.
The research also revealed 55% of apps in use by enterprises allow the use of HTTP, instead of requiring HTTPS, while 83% had ATS disabled for all network connections and 26% had ATS disabled at a global level, with specific exceptions set up for domains.
According to Appthority, existing apps that do not comply with the ATS mandate will not be removed from the App Store, which means enterprises will have to continue to be vigilant about apps in their environments. Read more about the report here.
Source: Apps Tech News
No comments:
Post a Comment