After reviewing thousands of applications on the App Store, the service Will Strafach found less than 76 applications for iOS vulnerable to data interception. That is to say that the information which are inserted in the app may be stolen by others, regardless of the fact that developers use the App Transport Security or less.

The service is born to help developers make their apps more secure, and so far has detected vulnerabilities in applications that together have been downloaded over 18 million times.

The risks present in the app are not all alike. Some have a higher risk level, other medium and other still low. The “App Transport Security” (ATS), introduced with iOS 9, serves to increase the security and privacy of users, forcing the app to use an HTTPS connection. Apple had originally set the date of January 1, 2017 so that all apps were updated to this Directive, but then the company has extended the date-limit, going to create a non-configuration problem in the code that validates TLS connections.

Apple has no way to resolve the situation on his side because, if attivasse the block that only accepts applications based on secure connection, would create havoc in the App Store with a huge percentage of applications that stop working. The only way to solve this problem affects developers who should independently update their app.

Some of the app at risk are related to services such as Snapchat or ooVoo, ViaVideo, Snap Upload for Snapchat, Uploader Free for Snapchat and Cheetah Browser.

The risk is actually not so high. Basically the bad guys might be able to extract the login details should these connected under the same WiFi network. It becomes more dangerous if you use public WiFi hotspots but using “normal”, at home or LTE connection, there is no risk.

Share This