Ben Lovejoy, 9To5Mac:
While Apple introduced its App Transport Security feature in iOS 9, which ensured that all connections between apps and servers must be encrypted, it wasn’t compulsory for developers to use it – and Google even helped them disable it.
All this will end on January 1st next year, reports TechCrunch, when Apple will require all apps to use HTTPS connections to servers to ensure that only encrypted data is transmitted
For some reason my immediate thought was: Apple vs. FBI anyone?
This is really good news.
Note, though, that enforcing HTTPS doesn’t imply end-to-end encryption. From the Wikipedia page on HTTPS:
Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with or forging the contents of the communication.
HTTPS provides encryption until data reaches the server (and vice-versa). Data can then be decrypted on the server. End-to-end encryption implies the data isn’t decrypted until it reaches the destination — most commonly, recipients of IM messages — even if that involves going through a server.
I make the distinction, because I thought about Google’s Allo and Facebook Messenger when I saw this news and wondered about their lack of encryption by default. It’s end-to-end encryption they lack; HTTPS is most likely enabled on both.