Application Transport Security deadline for iOS apps
Mark Waddingham
mark at livecode.com
Mon Jul 11 09:52:23 EDT 2016
On 2016-07-11 14:25, Paul Dupuis wrote:
> I realize that LiveCode has no influence over Apple, but this is one of
> the most bone-headed thing Apple has ever done to it's developers.
> There
> are millions of web servers out there without any logins, serving
> publicly available data or information, that do not need to be
> encrypted
> and the small organizations that run them will not add SSL certs for
> HTTPS service. They don't have the technical expertise, or time, and
> will not spend the money to pay to have it done. Developers who scrape
> data off web sites that they have no control over will have their apps
> break with no effective way to ever fix them. Aside from broken Apps,
> Apple will, in effect, be censoring a large part of the internet from
> it's iOS users unless their own browser still allows HTTP (in which
> case
> they are being hypocrites). I truly hope someone sues them over such
> censorship on 1st amendment (freedom of speech) grounds.
It seems that Apple are putting the infrastructure in place to deal with
the situations you describe:
http://www.techrepublic.com/article/how-to-migrate-to-https-using-app-transport-security-when-developing-ios-apps/
In particular, when ATS is enforced, you will still be able to request
exceptions in the info plist - as long as you can justify them.
For example, you might have a hard time justifying an exception for your
own server for a new app you have just written; however, you won't have
a hard time justifying the need to add an exception for
www.somepublicsitewhichisnothttpsyet.org over which you have no control.
Of course, Apple will likely become more and more strict over time - but
it sounds like there is still 'plenty' of time for third-party HTTP-only
services to upgrade. I imagine there will be a great deal less time for
web services owned and controlled by the app vendor to do the same,
however.
Warmest Regards,
Mark.
--
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
More information about the use-livecode
mailing list