One of the backend improvements in iOS 9 is a strengthening of app security when accessing data from webservers. The new App Transport Security (ATS) feature ensures that only connections encrypted using HTTPS are permitted. There’s just one problem with that: not all advertisers use HTTPS, so ATS will stop some ads appearing in apps.
Google has responded by providing developers with five lines of code that allow them to disable ATS …
Given that Google is a strong proponent of HTTPS, and has a stated commitment to using the protocol for ads as well as everything else, it’s perhaps not surprising that the company has come under flack for the move. Re/code says that some see it as prioritizing ad revenue over security.
While Google remains committed to industry-wide adoption of HTTPS, there isn’t always full compliance on third party ad networks and custom creative code served via our systems. To ensure ads continue to serve on iOS9 devices for developers transitioning to HTTPS, the recommended short term fix is to add an exception that allows HTTP requests to succeed and non-secure content to load successfully.
Google updated its blog post to emphasize that it suggests this only as a last resort. It should also be noted that the code it has provided utilizes an exception capability provided by Apple itself, suggesting that Apple is of the same view: HTTPS connections are strongly preferred, but may not always be practical.
It’s not the first time iOS 9 has come into conflict with advertisers: the new version of Safari in iOS 9 also includes content blocking features that make it easier to block ads – a move that potentially threatens sites like this one that rely on ad revenue to pay the bills.