ATS Disabled

3 out of 4 Developers Disable Apple Security Tech

iOS App developers are deliberately deactivating Apple security features designed to protect users in order to generate greater ad revenue. Most are completely disabling a feature called ATS in order to improve communication with ad servers, but in doing so they are exposing their apps to hackers.

Apple Gives Developers Freedom to Disable Security Feature

According to a report by ZDNet, security research firm Wandera conducted an extensive study of tens of thousands of apps, making a clear case that the practice of disabling Apple’s recommended security measures is widespread. The purpose of ATS, or App Transport Security, is to block communication between the App and remote servers over unsecured HTTP.

Apple gives developers the capability to disable the security feature so that they can properly test their Apps during development, but developers are choosing to leave the feature disabled after their Apps are launched. Given how widespread the lack of ATS use is, this is clearly not an oversight by a few careless or misbehaving developers but a common understanding amongst developers. They recognize that not implementing ATS is better for them.
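To make the setting concrete, here is an added example (not from Wandera, ZDNet or this post) of auditing an app's Info.plist for ATS opt-outs. The key names are Apple's documented ATS keys, which the article does not list; the audit_ats function and the sample manifests are constructed for illustration.

```python
import plistlib

# Apple's documented ATS keys; the article itself does not name them.
NARROWER_KEYS = ("NSAllowsArbitraryLoadsInWebContent",
                 "NSAllowsArbitraryLoadsForMedia",
                 "NSAllowsLocalNetworking")

def audit_ats(plist_bytes):
    """Return (status, findings); status is 'default', 'weakened' or 'disabled'."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity")
    if not isinstance(ats, dict):
        return "default", []  # no ATS dictionary: protections stay on
    status, findings = "default", []
    if ats.get("NSAllowsArbitraryLoads") is True:
        # Per Apple's documentation, iOS 10 and later ignore the global
        # switch when one of the narrower keys is present.
        if any(k in ats for k in NARROWER_KEYS):
            findings.append("NSAllowsArbitraryLoads set, superseded by a narrower key")
        else:
            status = "disabled"
            findings.append("NSAllowsArbitraryLoads: ATS off for every connection")
    for key in NARROWER_KEYS:
        if ats.get(key) is True:
            status = "weakened"
            findings.append(f"{key}: partial opt-out")
    domains = ats.get("NSExceptionDomains")
    for domain, rules in sorted(domains.items()) if isinstance(domains, dict) else []:
        if isinstance(rules, dict) and rules.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            if status == "default":
                status = "weakened"
            findings.append(f"cleartext HTTP allowed for {domain}")
    return status, findings

# Constructed sample manifests (not taken from any real app).
AD_SUPPORTED = plistlib.dumps({
    "CFBundleIdentifier": "com.example.free",
    "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True}})
SCOPED = plistlib.dumps({
    "CFBundleIdentifier": "com.example.paid",
    "NSAppTransportSecurity": {"NSExceptionDomains": {
        "ads.example.net": {"NSExceptionAllowsInsecureHTTPLoads": True}}}})
COMPLIANT = plistlib.dumps({"CFBundleIdentifier": "com.example.strict"})

if __name__ == "__main__":
    for name, blob in (("free", AD_SUPPORTED), ("paid", SCOPED), ("strict", COMPLIANT)):
        print(name, *audit_ats(blob))
```

A per-domain exception, as in the second sample, keeps ATS enforced for every other server the app contacts, which is the narrower alternative to switching it off entirely.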

Disabling ATS Improves Ad Revenue

When ATS was first launched in January 2017, it was initially designed to be mandatory, but Apple backed off from that stance, an unusual move for a company that often exercises tight control over its products and developer network. Is it possible that Apple has decided that what’s in the best interests of its developers is also in Apple’s best interests?

Developers want ATS disabled because that makes communication with advertising servers (the third-party computers that provide the advertising embedded within many free apps) possible. With ATS activated, only encrypted communication with these servers would be possible, which would increase the traffic load between the app and these servers and make some data tracking difficult or impossible for these apps, reducing the effectiveness or feasibility of some forms of advertising.

That would indirectly reduce revenue for Apple in terms of market share and in terms of reduced App upgrade revenue. Implementing ATS would increase risk. It would create more errors for App developers. It would mean fewer advertisements would reach their intended targets – YOU – and that translates into less revenue for App developers.

Greater ATS Compliance with Paid Apps Proves Theory

The proof that this is the rationale for disabling ATS is found when Wandera digs deeper into the data and examines ATS compliance differences between free and paid Apps. If non-compliance is driven by a desire not to block access to ad servers, then paid apps, which are usually not ad-supported, would be more likely to have ATS enabled. And that’s exactly what Wandera found.

While just 26% of Free Apps had ATS enabled, 46% of paid Apps did. This is far from full compliance, but the 20-point difference is a massive improvement and a clear indication that developers are more willing to activate ATS when advertising revenue is a reduced factor. Of course, some paid Apps still have advertising and need to contact outside servers even if they are not advertising and thus face many of the challenges faced by free apps. The desire to avoid potential blockages or slowdowns caused by ATS is not eliminated for paid Apps. It is simply reduced.

Next Steps

At MyProfyle, we believe this threat is further proof that everyone’s information is at risk from many different sources and that we are all exposed multiple times per year. The solution to identity fraud is not to try to lock your identity or seek unobtainable privacy but to control your identity – not just your credit – by putting yourself in the position to know of, approve or decline activity conducted in your name. That’s MyProfyle Free For Life™ Identity Protection.

References

ZDNet
