Even though Google has made it clear that it supports Apple’s concern for privacy and decision to implement more encryption in its products, the company is still helping app developers bypass one of Apple’s new security features for iOS 9. Known as App Transport Security (ATS), this new feature is supposed to keep iOS as secure as possible, but it also has the unfortunate side effect of blocking mobile ads for certain app developers, which obviously kills revenue. In order to get around this, Google has published five lines of code that developers can use to get around ATS, which the company has called a “short-term fix.”
Google has told iOS 9 app developers to disable Apple’s enforcement of HTTPS-only connections – or their in-app Google ads won’t show up on up-to-date iPhones and iPads. Apple has added what it calls App Transport Security (ATS) to iOS 9 and OS X 10.11, which ensures software only uses encrypted connections when talking to servers and other systems over the network. It’s supposed to make sure programmers always protect people from eavesdroppers and man-in-the-middle tampering: when an app sends someone’s personal data over the internet to the app maker’s backend servers, the information should be safeguarded by encryption. But this enforcement can be switched off on a per-application basis. Apps can be built using the Google Mobile Ads software development kit to show adverts on-screen, and earn developers cash. By not showing these ads, the programmers lose out on vital revenue. On Wednesday, Google admitted that it’s still shifting a ton of adverts over unencrypted HTTP connections – and apps running on iOS 9 and OS X 10.11 with ATS switched on will be forbidden from connecting to Google’s ad network over HTTP. That means no Google adverts can be dished out to those applications. No dosh for the developers. No cut for Google. So Google’s advice is to: switch off ATS, and let apps fire off connections over HTTP and HTTPS.
