This report isn’t as nefarious as it looks at first:
Google on Thursday informed developers of a five-line bit of code crafted to sidestep Apple’s upcoming App Transport Security encryption feature in iOS 9 by creating HTTPS exceptions, which could in some cases block mobile ads from appearing.
The workaround was published to Google’s official Ads Developer Blog in a post titled “Handling App Transport Security in iOS 9,” a reference to Apple’s upcoming privacy tool.
Apple’s ATS standard is built into iOS 9 to restrict insecure and potentially nefarious code served via HTTP from infiltrating the operating system. Developers whose apps are not yet ATS-compliant could see their mobile ads blocked as a result of this tightened security, which in turn poses a threat to Google’s money-making ad business.
You would be excused for thinking, as I did initially, that Apple had tightened security for the benefit of consumers, but that Google had then sidestepped it for the benefit of shady advertisers.
The truth isn’t quite so clear cut.
Google’s “exploit” is in fact baked into iOS 9 for advertisers who are slow to update to the new security protocol. And Google has explained that the fix is “short term” and a “last resort.”
Still, you have to wonder that unless a hard time limit is announced, where’s the incentive for advertisers to upgrade their encryption?