More secure apps thanks to Apple ATS standard


What is the ATS standard

App Transport Security (ATS) is a standard introduced by Apple to improve application security best practices. Announced at the Worldwide Developers Conference in June last year, it is further evidence of its dedication to security and customer privacy. It first debuted in 2015 and is part of a wider shift toward https-based connections. Various industries dealing with highly sensitive user data have already deployed https solutions.

What does it mean in detail

ATS transfers app data over secure https connections instead of http, which reduces the risk of exposing users to code or data theft. This change applies to web links within an app. For example, a link presented as http://www.aquafadas.com will need to read https://www.aquafadas.com. An https address means that the server hosting the website has been secured (SSL) with an authentication certificate.

Is the ATS update mandatory?

Originally, as announced in June 2016, all apps submitted to Apple's various App Stores were required to use the App Transport Security standard by the end of 2016. However, the implementation has been pushed back to an as yet unannounced date in order to give app developers more time to prepare. This means that when submitting an application, it is still possible to indicate that it is not ATS compatible (by deactivating the default feature). For applications that are already online, there are no compatibility requirements from Apple. However, Apple will soon make it mandatory, so it is necessary to prepare by replacing the app's http links with https links (and by having the relevant servers secured by technical teams).

What will happen if I do not replace the current http links with the https links?

If, upon submission, the app claims ATS compatibility, the http links will not work and an error message will appear indicating that it was blocked for security reasons.

What do I need to do to make my Aquafadas apps ATS compatible?

  • Update your application using AppFactory 4.7. Aquafadas ensures that your application gets a secure connection to our servers. All applications built with AppFactory 4.7 (and later) are aligned with Apple’s requirements. You only need to make sure that your content, your hosting (if you manage it on your own) and the URL addresses created in AppFactory are compatible.
  • Replace all http:// links created in AppFactory and in your Store Model (when you created the layout of your application in Cloud Connect) with https:// links.
  • Host your AVE files on a secured server (SSL). If Aquafadas is hosting your files, please note that all our servers are already secured.
  • Include https:// links only in your AVE files. For your convenience, Aquafadas automatically converts all http links from your files into https. As of today, most websites (including YouTube, Facebook…) use secured servers and already have an https:// address (for example https://youtube.com).
  • Test your application to check all the links included (otherwise your application may simply be rejected).

What should I do if my server is not secured (SSL)?

Aquafadas automatically converts all http links from your AVE files into https. However, if your server is not secured, and links to your server should therefore not be converted, you can declare specific links in AppFactory. How? When creating your application, you can indicate up to 3 http domain names that should not be converted into https. Beware that when submitting to Apple, you will have to specify those unsecured links (so that your application is not rejected).
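
The link check from the list above and the limit of 3 exception domains can be rehearsed before submission. The following Python script is an added example, not Aquafadas or Apple code: it assumes the text containing your links has already been extracted from your content, that an exception covers a domain and its subdomains, and it uses constructed sample domains.

```python
import re
from urllib.parse import urlsplit

MAX_EXCEPTIONS = 3  # the page states that up to 3 http domains can be exempted
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)


def _host_matches(host, domain):
    # Assumption: an exception covers the domain itself and its subdomains.
    # Matching on a dot boundary avoids accepting lookalike hosts that merely
    # start with or contain the exempted name.
    return host == domain or host.endswith("." + domain)


def audit_links(text, exceptions=()):
    """Classify every URL in text as 'secure', 'exception' or 'blocked'."""
    exceptions = [d.lower().strip(".") for d in exceptions]
    if len(exceptions) > MAX_EXCEPTIONS:
        raise ValueError(f"at most {MAX_EXCEPTIONS} exception domains allowed")
    report = {"secure": [], "exception": [], "blocked": []}
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;")  # drop trailing sentence punctuation
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() == "https":
            bucket = "secure"
        elif any(_host_matches(host, d) for d in exceptions):
            bucket = "exception"  # must be declared when submitting to Apple
        else:
            bucket = "blocked"    # would fail in an ATS-compatible app
        if url not in report[bucket]:
            report[bucket].append(url)
    return report


# Constructed sample content (not taken from a real AVE file).
SAMPLE = """
<a href="https://www.aquafadas.com">Home</a>
<a href="http://www.aquafadas.com/help">Help</a>
<img src="http://media.legacy-cdn.example/cover.png">
<a href="HTTP://legacy-cdn.example.lookalike.test/x">lookalike host</a>
Watch at https://youtube.com.
"""

if __name__ == "__main__":
    result = audit_links(SAMPLE, exceptions=["legacy-cdn.example"])
    for bucket, urls in result.items():
        print(bucket, urls)
```

Every URL reported as blocked needs an https replacement or a secured server; every URL reported as an exception is one to specify when submitting to Apple.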