By Stephanie Musal • June 22, 2016

Apple's new requirements and what they mean for your application

At WWDC 2015 Apple introduced its ATS (App Transport Security) service. This service was designed to ensure that apps use the secure HTTPS protocol when making API calls and connecting to web services. The issue was that developers could circumvent ATS by disabling the service completely, or by whitelisting specific URLs in the entitlements file. Apple of course discouraged this, recommending that ATS be left enabled and that HTTPS connections be used whenever possible. Additionally, Apple left a few bread crumbs for future changes by noting in the iOS 9 release documentation that developers should begin creating plans for migrating their apps to fully enable ATS.


One year later, Apple is readdressing the issue with a higher sense of urgency. In an announcement at WWDC 2016, Apple revealed that they will require ATS to be enabled for any app that is submitted to the App Store by January 1st 2017. For some developers this will mean major retooling of their apps. However, for those who chose to heed the warning or to build their apps on a proven, security-focused platform such as CloudMine, the transition will be painless or potentially non-existent.


CloudMine’s platform is highly focused on security, boasting HIPAA, HITECH, and HITRUST compliance. Each API call made through the platform is encrypted and already utilizes the HTTPS protocol. To further ensure compliance with ATS, the platform utilizes RSA-based TLS v1.2 ciphers as laid out in the Apple ATS connection requirements. This dedication to security gives clients peace of mind not only that their data is secure while in transit, but also that it will remain so as we continue to stay ahead of the curve in the ever-changing mobile landscape.


Below is a snapshot from SSL Labs which outlines our security scores and protocols for one of our exposed API endpoints. We welcome you to visit the SSL Labs site, or any other trusted SSL testing site you prefer, to verify our endpoints for yourself. We are confident in our dedication to keeping your data safe, as well as keeping your apps compliant with Apple’s security standards, thus minimizing the headaches that can occur when submitting an app for approval.

ATS isn’t the only security area we take very seriously. We have also recently published a very in-depth post on system hardening best practices. If data security is as important to you as it is to us, check out that post HERE, as well.