Appthority warns only 3% of enterprise apps comply with upcoming Apple security mandate

(c) Lemola

Apple is making a series of security changes for the new year – yet according to new research from Appthority, only 3% of enterprise apps are fully compliant with the new security mandate.

The research, which examined the top 200 iOS apps installed on enterprise devices worldwide, showed a relatively meagre proportion of apps which fully meet App Transport Security (ATS) data encryption requirements.

More than half (55%) of apps allow use of HTTP, instead of requiring HTTPS – another important aspect to Apple’s new mandate – while 83% of apps analysed had ATS disabled for all network connections, and more than a quarter (26%) had ATS disabled at a global level.

“Although Apple’s ATS encryption requirements go into effect in just a few weeks, Appthority researchers found that the majority of apps in the enterprise don’t fully utilise the best practices encryption standard, which should be a concern to enterprises,” said Robbie Forkish, vice president of engineering at Appthority in a statement.

“The new ATS mandate only applies to new submissions to the App Store, and Apple will be allowing exceptions to ATS, so, while the requirement should strengthen data security there will still be iOS apps not using data encryption in enterprise environments, even after January 1.

“For this reason, it’s incredibly important that businesses have visibility into, and management of, the risks related to apps with these exceptions, as they can put enterprise data at risk,” added Forkish.

Appthority’s analysis on the enterprise mobile space continues to cut through the hype and give a realistic view. Back in August, a report argued that the rise of Android vulnerabilities means there are three issues enterprises need to look at; employee productivity, data security, and app store vetting.

You can find out more about the report here.

Related Stories

Leave a comment


This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.