HTTPS Encryption for iOS and Android

The Internet, as a whole, is moving towards universal encryption. Frankly, it‘s no longer a matter of “if,” it’s a matter of “when” the world wide web will be fully encrypted.

There are myriad reasons for this, from the rise in prevalence and the sophistication of cybercrime to growing concerns over personal privacy. Right now the browser community is pushing this initiative forward quietly, offering subtle perks like boosts in SEO rankings to websites that encrypt while withholding advanced features from sites that don’t.

Soon the push will move from subtle-to-overt, as the browsers mark non-encrypted sites as unsecure and place negative indicators in the address bar beside the offending site’s URL.

But as the internet has evolved, so too has the way that people use it. What was once only available on computers via dial-up is now accessible from smartphones and tablets using wireless data and broadband.

This in turn has created new attack vectors for hackers and cybercriminals who have begun targeting mobile devices in order to steal personal data or carry out other forms of malfeasance.

A Step Towards Cybersecurity Awareness

Fortunately, the two leaders in mobile phone technology — Apple and Android — are both making moves towards enabling encryption on the browsers and apps used by their devices.

iphone android encryption

Apple has already announced that all apps will have to make use of App Transport Security (ATS) by January 1, 2017. ATS was first unveiled in iOS 9 and forces connections to use HTTPS instead of the increasingly outmoded HTTP.

Android has similar app security settings, though at this point they are still optional.

This is an important move for a number of reasons, chief among them the fact that mobile phones are increasingly valuable targets that have had the tendency to lag behind other forms of technology in terms of the security they employ.

Think about how often you use your mobile phone and think about the number of different online activities you perform on it. Browsing the web? Check. Banking? Check. Purchasing things? Check.

Chances are that if your Mobile Phone were to be compromised, you would be in big trouble. Hackers could steal credit card information, personal information, information about your contacts and business associates. There’s a veritable wealth of data right at your fingertips and the vast majority of people have very few, if any, safeguards in place to protect it all.

Granted, enabling encryption on mobile browsers and apps can’t prevent all types of attacks and keep your phone completely safe, but it’s a huge first step.

How does Encryption Work on a Mobile Device?

mobile device encryption

Let’s get one thing out of the way, there’s no Android SSL Certificate, nor is there an iOS SSL Certificate; after all, you don’t install an SSL Certificate on a mobile device.

Rather, encryption functions in two ways on a mobile phone. First of all, there’s browser security. As with any SSL Certificate, you install it on a web server and configure a website to use it. As SSL has evolved, so t0o have the certificates’ compatibilities. What was once primarily geared towards desktop browsers has no become compatible with most mobile browsers as well.

From the standpoint of mobile browser security, encryption works just the same as it would on a desktop computer.

Where it’s a bit different is in terms of the apps. Protocols like ATS force the apps that are used on mobile phones to utilize encryption. The concepts are similar, but rather than a browser, an app is being forced to make all connections via HTTPS. This ensures that the app can’t connect with any site or third party that could potentially invite harm to your mobile device.

Keep in mind, the first safeguard for your apps is actually the outlet you download them from. Whether that’s the Google Play Store or the Apple App Store depends on the device you’re using, but both stores vet all apps for safety before they are allowed to be distributed there. It’s for this reason that you should only download your apps from these two venues.

ATS and Android’s corresponding protocol just take the protection a step further by forcing the apps to make their connections via encrypted channels. This prevents anyone from infiltrating your phone via the connections made by these apps.

With ATS in place, and with good security practices when using the browser, it’s possible to prevent most of the mischief that can potentially take place of an unencrypted connection from happening to your phone.

Originally published at cheapsslsecurity.com on August 31, 2016.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.