Apple has backtracked on its plan to enforce a year-end deadline for 2016 that would have required developers to move apps to an HTTPS-only model in an effort to thwart eavesdropping on insecure, plaintext HTTP connections.
In a short statement at the end of last month, Apple said that a requirement for developers to adopt App Transport Security would be extended. It did not set a new deadline.
The statement on Apple’s website read: “App Transport Security (ATS), introduced in iOS 9 and OS X v10.11, improves user security and privacy by requiring apps to use secure network connections over HTTPS. At WWDC 2016 we announced that apps submitted to the App Store will be required to support ATS at the end of the year.
To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed. Learn more about ATS.”