HTTPS required on new version of iOS (iOS 9) - also for previous releases of Genus Mobile!

Product 23/10/2015 by Jonas Eikli

All connections between Genus Mobile and Genus Server must use HTTPS on iOS 9 or later when Genus Mobile runs on an iPhone or iPad.

This implies that as soon as one of your users upgrades to iOS 9, irrespective of which release of Genus Mobile they are running, their Genus Mobile app will stop working if it uses HTTP (not HTTPS)!

The reason is that in the new version of iOS for iPhones and iPads, Apple has added a new privacy feature called App Transport Security to improve the security of connections between an app and its back end. The default App Transport Security requirements are:

  • The server must support at least Transport Layer Security (TLS) protocol version 1.2.
  • Connection ciphers are limited to those that provide forward secrecy (see the list of ciphers below.)
  • Certificates must be signed using a SHA256 or greater signature hash algorithm, with either a 2048-bit or greater RSA key or a 256-bit or greater Elliptic-Curve (ECC) key.
  • Invalid certificates result in a hard failure and no connection.

The above bullet list is taken from https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/.
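The four defaults above can be checked against a server before users upgrade. The following is an added example, not part of the original post or of any Genus tooling: it evaluates text in the format printed by `openssl s_client` and `openssl x509 -noout -text`. The function names, the constructed samples, and the rule that forward secrecy is recognised by an ECDHE suite are assumptions.

```python
import re

# Constructed samples in the format printed by `openssl s_client` and
# `openssl x509 -noout -text`; not captured from a real Genus Server.
SAMPLE_OK = """\
    Signature Algorithm: sha256WithRSAEncryption
    Public Key Algorithm: rsaEncryption
        Public-Key: (2048 bit)
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)
"""
SAMPLE_WEAK = """\
    Signature Algorithm: sha1WithRSAEncryption
    Public Key Algorithm: rsaEncryption
        Public-Key: (1024 bit)
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Verify return code: 10 (certificate has expired)
"""

def _field(pattern, text):
    match = re.search(pattern, text, re.MULTILINE)
    return match.group(1) if match else ""

def ats_failures(text):
    """List the default ATS requirements the observed connection fails."""
    failures = []
    proto = _field(r"^\s*Protocol\s*:\s*(\S+)", text)
    if proto not in ("TLSv1.2", "TLSv1.3"):
        failures.append(f"protocol {proto or 'unknown'}: TLS 1.2 or later required")
    cipher = _field(r"^\s*Cipher\s*:\s*(\S+)", text)
    # Assumption: forward secrecy is recognised by an ECDHE key exchange;
    # TLS 1.3 suites always use ephemeral keys, so they pass as well.
    if not (cipher.startswith("ECDHE-") or proto == "TLSv1.3"):
        failures.append(f"cipher {cipher or 'unknown'}: no forward secrecy")
    sig = _field(r"Signature Algorithm:\s*(\S+)", text)
    if not re.search(r"sha(256|384|512)", sig.lower()):
        failures.append(f"signature {sig or 'unknown'}: SHA256 or greater required")
    is_ec = _field(r"Public Key Algorithm:\s*(\S+)", text) == "id-ecPublicKey"
    bits = int(_field(r"Public-Key:\s*\((\d+) bit\)", text) or 0)
    if bits < (256 if is_ec else 2048):
        failures.append(f"{bits}-bit key: below the ATS minimum")
    if _field(r"Verify return code:\s*(\d+)", text) != "0":
        failures.append("certificate failed validation")
    return failures

if __name__ == "__main__":
    print(ats_failures(SAMPLE_WEAK) or "meets ATS defaults")
```

An empty list means the observed connection meets all four defaults; each entry otherwise names the requirement that would cause iOS 9 to refuse the connection.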

 

In short, this means that all Genus Mobile application models running on iOS 9 using HTTP must be reconfigured to use HTTPS as soon as possible!