While much of the attention has focused on the differential privacy announcement Apple made during its Worldwide Developers Conference earlier this week, The company also made some important security changes to both iOS and OS X that are designed to provide some long-term protections for users.
The security upgrades are not as splashy as the privacy policy shift Apple announced, but they may prove to be equally as important over the long haul. On the mobile side, the company said that starting on Jan. 1, 2017, developers will be required to force all of their iOS apps to connect to the Web over HTTPS rather than insecure HTTP. The feature, known as App Transport Security, was turned on by default in iOS 9, released last September, but developers had the ability to turn it off if they chose. That option will disappear when iOS 10 hits the streets later this year.
“If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy,” Apple said in its release notes for developers on iOS 9.
This change provides important protection for communications between mobile apps and remote Web services. Using encrypted connections helps prevent man-in-the-middle attacks that allow attackers to intercept and monitor users’ traffic to various sites. Many large sites use HTTPS by default, but mobile apps are a different world, and usually not a secure one. So in iOS 10, developers will no longer have the option of turning ATS off, which is an important incremental security change.
On the Mac platform, the major difference in the next version of the operating system–to be known as macOS Sierra–is a small change in the Gatekeeper security system. Right now, Apple gives users their choice of three options when it comes to installing apps: installing apps from anywhere; installing apps from the Mac App store and identified developers; or installing apps from the App Store only. The most permissive of those choices is the first one, and it’s also the riskiest from a security perspective. Apple’s App Store has strict guidelines for developers and requires them to have code-signing certificates.
In the macOS Sierra beta, the “install from anywhere’ option is gone. However, users can still right-click on unsigned apps or those not from identified developers to run them anyway. That function essentially overrides the Gatekeeper protection and tells the OS that user wants to trust this app. The change is a subtle, but important, one. Many users may not know about the right-click option, and likely will stick to the more-secure options.