The most popular applications of the AppStore are vulnerable and their communications with various servers can be intercepted despite the fact that they use a data encryption system. According to a new app security testing service called verify.ly, 76 of the most popular apps, with 18 million downloads, can be intercepted.
The applications present low, medium and high security risks, and although they use the ATS system to secure communications, they are still vulnerable to interception. Although some developers implemented this system to secure communications, it seems that they did not correctly use the respective code to secure communications.
Based on this error, the applications consider that all connections are secure, even if some of them are not, and thus our data can be intercepted. A list of applications with medium or high security risk has not been disclosed, but we are of course talking about applications for social networks, data transfer and many others.
To ensure that our data is very difficult to intercept, those who discovered these problems suggest using cellular data connections instead of Wi-Fi. The suggestion is made for the use of banking applications, or other applications where there is sensitive information that can lead to the loss of money or important data.
There is no possible fix to be made on Apple's side, because if they were to override this functionality in an attempt to block this security issue, it would actually make some iOS applications less secure as they would not be able to utilize certificate pinning for their connections , and they could not trust otherwise untrusted certificates which may be required for intranet connections within an enterprise using an in-house PKI. Therefore, the onus rests solely on app developers themselves to ensure their apps are not vulnerable.
