Migrating iOS apps to use SSL

Migrating iOS apps to use SSL

Apple introduced ATS (App transport security) in iOS 9 and it was turned on by default with the option of developers choosing to keep it that way or turn if off.

ATS forces apps to call API’s or connect to servers using the secure and encrypted https protocol instead of the insecure http. This makes passwords and any other sensitive data we transmit over the internet secure and keeps it away from the prying eyes of hackers and bots.

For the technical amongst us ATS requires TLS v 1.2 with the exception for few services like media streaming which are already encrypted.

ATS, though default wasn’t mandatory until now. Starting 2017, Apple made ATS mandatory and is forcing developers to use ATS & https. And is rejecting apps that don’t communicate over https.

Who is affected

  • Any app that talks to a server over http. (API calls over http) – e.g. Apps with user authentication, apps that store information in the cloud etc.

  • Apps using third party libraries that haven’t migrated to ATS.

  • Apps that use https, but haven’t migrated to ATS.

Who isn’t affected

  • Standalone apps
  • Apps that have already migrated to ATS.

How to migrate existing apps to SSL

Fortunately migrating from http to https although technical is not complicated. App owners can buy SSL certificates from authorised providers like RapidSSL or StartSSL or any other provider of their choice.

The providers will usually take anywhere between 24 hours to 5 days to process the certificates based on the type of validation needed. Basic validation is enough in most cases except in the case of Finance and e-Commerce apps.

Once the certificates are ready, the installation differs based on the server configuration(IIS/Apache/nginx/Wordpress etc.). If you know the technical know how, you can handle this or this is best left to experts.

After the servers are ready and tested, all it takes is to make the one change in the iOS app and it should be ready to go.

Note: As with any change, install the certificates in the development environment and make sure everything is working fine before pushing the changes to production.

Leave a Reply

Your email address will not be published. Required fields are marked *