One of the backend improvements in Apple’s upcoming iPhone and iPad operating system update iOS 9 is a strengthening of app security when accessing data from webservers. The new App Transport Security (ATS) feature ensures that only connections encrypted using HTTPS are permitted. There’s just one problem with that: not all advertisers use HTTPS, so ATS will stop some ads appearing in apps.
Google has responded by providing developers with five lines of code that allow them to disable ATS …
While Google remains committed to industry-wide adoption of HTTPS, there isn’t always full compliance on third party ad networks and custom creative code served via our systems. To ensure ads continue to serve on iOS9 devices for developers transitioning to HTTPS, the recommended short term fix is to add an exception that allows HTTP requests to succeed and non-secure content to load successfully.
Given that Google is a strong proponent of HTTPS, and has a stated commitment to using the protocol for ads as well as everything else, it’s perhaps not surprising that the company has come under flack for the move. Re/code says that some see it as prioritizing ad revenue over security.
Google updated its blog post to emphasize that it suggests this only as a last resort. It should also be noted that the code it has provided utilizes an exception capability provided by Apple itself, suggesting that Apple is of the same view: HTTPS connections are strongly preferred, but may not always be practical.
It’s not the first time iOS 9 has come into conflict with advertisers: the new version of the Safari web-browser in iOS 9 also includes content blocking features that make it easier to block ads – a move that potentially threatens sites like this one that rely on ad revenue to pay the bills.