Google Reveals Code for bypassing iOS 9 Security
iOS 9, which is yet to be released, comes with ATS settings to stop third-party apps from getting personal data, but Google revealed the secret code to bypass the settings. Google wrote a blog post titled “Handling App Transport Security in iOS 9” last week that created a lot of stir as the tech giant shared 5 lines of code to change the App Transport Security (ATS ) settings on iOS in order to display the advertisements. This act was considered a direct attack on iOS 9 security by many market experts. For those who are not aware of ATS; it is a security setting that makes sure that only content encrypted with HTTPS reaches the iPhone, so that the app developers cannot get to know about the users’ preferences and their behavior. So why did Google do such a thing? Let’s look at it in detail.
Major Revenue at Stake
Google generates a significant amount of its revenues from advertisements, which is why it took this step. However, the company also made it clear to developers that if they are currently designing any app, they should use HTTPS to avoid changing security settings. The code revealed by the company should only be used by those developers whose current apps are not encrypted in HTTPS format. Google also mentioned that it has always supported HTTPS encryption.
Code is revealed on Developers Demand
Market experts started criticizing Google soon after it published its blog post, with some people saying that the company gave priority to its revenues while ignoring the security of iOS users. This led Google to publish an update in the blog post just to make it clear that its intentions are pure. In its defense, the tech giant said that it shared the code on the demand of developers who wanted to know how to change the security settings just for adding ads, as their earnings also depend on the advertisements and apps. Google also mentioned in the blog post that this method should be considered as the last option and urged developers to first try other means. It further added that the code for ATS settings contains exception capability, and that Apple also believes that HTTPS connections should be preferred over other connections, though that is not always possible.
History Is Repeating Itself
It seems that Google has not learned anything from its previous mistakes. It is not the first time the company is doing something to protect its revenues while changing security settings of Apple devices. The company paid $22.5 million fine in 2012 for hacking Apple’s Safari browser just to disable an ad-blocking tool.
The legality of Google’s action is not the main concern of general public. What most iOS users are angry about is security concerns arising from revelation of such codes, as such moves can encourage developers to bypass iPhone security.