2017 – The Year of HTTPS

Update: December 21, 2016

Apple just announced that they are delaying their implementation of the HTTPS requirement from January 1, 2017 to a future date to be determined.   https://developer.apple.com/news/?id=12212016b

While Apple delayed implementation, we still believe that is a good idea to move to HTTPS early in the new year.

———————————————————————————–

With less than 45 days left in the year, it’s time to start thinking about plans for 2017.  And if you are still using HTTP, you should think about making a resolution to switch to HTTPS.

Both Apple and Google have made announcements about changes that start in January that will impact forums that use HTTP.  The announcements by Apple and Google indicate that forums that continue use of HTTP could see a reduction in member logins and total pageviews.

Google Chrome – Logins using HTTP will be marked as Not-Secure

Google announced in a Google Security Blog, that beginning in January, Google Chrome will indicate all sites using HTTP that the login is “Not-secure.”

Screen Shot 2016-11-17 at 12.01.58 PM

And throughout 2017, Google Chrome will increase the warnings to sites using HTTPS, eventually, labeling  all HTTP pages as Not-secure, and change the HTTP security indicator to the red triangle.

Screen Shot 2016-11-17 at 12.05.32 PM

Apple – HTTPS required for all new apps, and app updates

Beginning January 1, 2017, Apple is requiring all apps to secure connections via HTTPS and certain other security requirements.  These new requirements are called App Transport Security, or ATS.  For more information, see TechCrunch  for an overview and  Apple Developer  for technical details.

At least in the near term, Apple is expected to allow apps already approved in the App Store to remain there without being updated. However, as of Jan. 1 all new and revised apps submitted to Apple for approval will need to be ATS-compliant. To be ATS-Complaint, a sites must use HTTPS.  Sites using HTTP will not be in compliance with ATS requirements

The new requirement is subject to Apple’s App Review Team’s judgement.  Based on reading of the Apple’s requirement and conversations, this is what we think the HTTPS requirement means for Tapatalk and BYO (branded) apps:

  • After January 1, Tapatalk will continue to be available, and can include forums that use HTTP
  • However, overtime, this may change as Apple increases adherence to HTTPS requirement
  • All BYO apps currently in the App Store will continue to be available in the App Store
  • After January 1, it’s unlikely that Apple will approve new BYO apps or updates to existing apps (unless the sites are HTTPS)
  • Google has not required Android apps use HTTPS. At least not yet

For any sites still using HTTP, we strongly recommend you upgrade to HTTPS as soon as possible.  Upgrading your site to HTTPS is not difficult and your hosting provider may be able to help you with this. Security certificates are required for each of such sites, and this too can be obtained through your hosting company or elsewhere.

Once you update to HTTPS, you can login to Tapatalk>Sites>Site Settings and update your Forum URL.

Need Help converting to HTTPS

We found this very helpful site that can provide free, automated, and open Certificate Authority:

https://letsencrypt.org/

We also have worked with Total Web Systems LTD that also provides a service to move your site to HTTPS.

http://appstoreupload.com/build-your-own-byo/secure-your-app-using-https-ssl/

While updating to HTTPS does take some work, the use of HTTPS will help ensure a safer internet for everyone.  And with the pending changes by Google and Apple, continuing use of HTTP have implications that could well reduce member logins and total pageviews.

If you have any questions, please login to Tapatalk and submit a support ticket.  

No Comments

Comments are closed.