Apple Delays App Store Security Deadline For Developers

Reader Trailrunner7 writes: Apple has pushed back a deadline for developers to support a key transport security technology in apps submitted to the company's app stores. Officials said at the Apple Worldwide Developers Conference earlier this year that developers would have to support Apple Transport Security by the end of 2016. But on Thursday, the company announced that it has decided to extend the deadline indefinitely. ATS is Apple's collection of transport security standards designed to provide attack resistance for data that's sent between iOS and macOS apps and backend servers. It requires apps to support a number of modern transport security technologies, including TLS 1.2, AES-128 or stronger, and certificates must be signed using SHA-2. ATS also requires the use of forward secrecy, a key-exchange method that protects encrypted sessions even if the server certificate is compromised at some point in the future.

Legacy Apps

TFA says this will be enforced at the App Store level. How long until they decide to enforce it at the iOS level and effectively kill off legacy apps which aren't being maintained any more but are still used daily by gobs of people?

Re:Really ?

[TheFakeTimCook]

. . . .it's not like Apple has a good record on SSL/TLS. Heck, other reports are noting that the Apple Store itself re-directs https connects to vanilla http connections.

This is NOT Rocket Science. . . .

Obviously, they had significant grumbling from the Dev. community.

But this is like when they pushed-back the Sandboxing requirement a few years ago: It will happen.

How about a little less negativity, and a little more support for Apple at least attempting to drag Devs. into using more robust security?