Although Apple made App Transport Security (ATS) mandatory some time back, many applications still have not adopted it.
In a previous announcement, Apple had made it very clear to all apps in the Apple App Store that, going forward, it would be mandatory to use HTTPS connections instead of HTTP, so that user security can be maximized. This feature, termed ATS, was to be implemented by all applications by 1st January, 2017 at the latest. Apple later called back the date in December 2016 and mentioned that an extension for the January deadline would be in place. So far Apple has mentioned nothing about the date, which means that many applications have still not implemented ATS. Some of them might even be vulnerable to attacks.
To ascertain the detrimental effects of this delay in implementing App Transport Security, a service called verify.ly was called upon to make a deep scan of the binaries in the Apple App Store. Shockingly, more than seventy apps did not clear the vulnerability test. These apps were still using HTTP connections, exposing their users' data to a high risk of theft and misuse.
On a contrary note, a verify.ly insider mentioned that ATS was hardly a suitable tool to keep vulnerability from spreading. This comment did stir up some worry, but the insider was quick to explain that the 33 low-risk apps could hardly affect the user at all, since the information exposed would not have any major effect. The 24 medium-risk applications may have trouble with login credentials saved on the servers being compromised, while the 19 high-risk apps could lead to major financial login credentials being stolen.
Experts have suggested that users should access all finance-related websites over a cellular network, as a WiFi connection makes it easier for hackers to hack the application, which can lead to personal data being lost.