Over the past little while, Apple has been telling iOS developers that by January 1, 2017, in order to be in the App Store, any app that made a connection to a server could do so only via a secure one — that is, only HTTPS and not HTTP connections would be allowed. They’ve just announced that “this deadline has been extended and we will provide another update when a new deadline is confirmed.”
Starting with iOS 9, apps allowed only HTTPS connections by default. However, many servers — including OpenWeatherMap’s, which powers a number of weather apps, including the one featured in my tutorial — don’t accept HTTPS connections. That’s why they still offer the option to let your app make connections over plain old HTTP by changing the default App Transport Security settings in the app’s info.plist file.
You could allow apps that you were developing to use plain HTTP connections by editing their info.plist files in its text form and adding this snippet…
<key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict>
…or do it the graphical way:
While requiring that all connections be secure ones helps to keep network data secure and reduce the probability of unwanted access, a large number of web services are still not using secure connections. This is probably the reason for the deadline extension.
You have a reprieve, iOS developers, but the sooner your apps’ connections are secure, the better.
One reply on “Apple extends the deadline for iOS app developers to make their apps connect to servers using only HTTPS”
Can developers use an HTTPS proxy they control?