Apple adds HTTPS encryption to App Store
Apple (NASDAQ:AAPL) has added security encryption to its App Store, almost a year after a Google (NASDAQ:GOOG) researcher brought a vulnerability to the company's attention that allowed users to make unauthorized purchases.
Researcher Elie Bursztein revealed on his blog that he had alerted Apple of numerous security issues last July but that Apple had only turned on HTTPS for the App Store last week. HTTPS is a more secure version of the HTTP standard and is commonly used in commerce and banking.
For example, a user attempting to purchase or update an app could become the victim of a man-in-the-middle attack. Without an HTTPS in place, the attacker could swap out the item the user was attempting to purchase and replace it with their own overpriced or malicious app.
Apple first implemented this change for the Chinese version of the App Store late last year. In its list of security updates Apple thanked Bursztein as well as Bernhard Brehm of Recurity Labs and Rahul Iyer of Bejoi.
Apple did not immediately respond to comment on the update.
Earlier this week Apple Senior President of Worldwide Marketing Phil Schiller took a swing at Google's mobile security, after a study revealed that almost 80 percent of mobile malware threats in 2012 targeted Android devices.
Apple exec Schiller takes shot at Android over malware headaches
F-Secure: Android to blame for 79% of all mobile malware in 2012
Apple releases iOS 6.1.3 beta to fix iPhone lockscreen vulnerability
Apple patches Exchange bug with iOS 6.1.2, still no fix for lockscreen exploit
Apple confirms iOS 6.1 lockscreen glitch, iPhone 4S battery drain persists
Apple's $100M settlement over kids' use of IAPs sparks online outrage