Application Transport Security deadline for iOS apps
Paul Dupuis
paul at researchware.com
Mon Jul 11 08:25:09 EDT 2016
On 7/11/2016 7:05 AM, Peter TB Brett wrote:
> Hi all,
>
> Many LiveCode developers currently disable (Application Transport
> Security) ATS when deploying to iOS in order to access web resources
> over insecure HTTP, rather than HTTPS
>
> Apple will be requiring ATS for all iOS apps submitted to the app
> store from the beginning of 2017. At that point, we will remove the
> option to disable it from the standalone builder.
>
> If you distribute an iOS app and currently depend on disabling ATS,
> then you will need to take action.
>
> By the end of 2016, you will need to make sure that all of the servers
> that your app needs to communicate with have valid SSL certificates
> and can be accessed over HTTPS. The "Let's Encrypt" project may be
> useful. https://letsencrypt.org/
>
I realize that LiveCode has no influence over Apple, but this is one of
the most bone-headed thing Apple has ever done to it's developers. There
are millions of web servers out there without any logins, serving
publicly available data or information, that do not need to be encrypted
and the small organizations that run them will not add SSL certs for
HTTPS service. They don't have the technical expertise, or time, and
will not spend the money to pay to have it done. Developers who scrape
data off web sites that they have no control over will have their apps
break with no effective way to ever fix them. Aside from broken Apps,
Apple will, in effect, be censoring a large part of the internet from
it's iOS users unless their own browser still allows HTTP (in which case
they are being hypocrites). I truly hope someone sues them over such
censorship on 1st amendment (freedom of speech) grounds.
More information about the use-livecode
mailing list