Security in iOS Apps

It’s incredibly important in FinTech!

Steven Curtis
4 min read · Apr 29




Man-in-the-middle: An attack where the attacker sits between a user and the server.

Public-key cryptography: A cryptographic system using two keys: a public key known to everyone and a private key that is kept secret. The private key can be used to read messages encrypted with the public key, but the reverse is not true: the public key cannot be used to read them.

Public key infrastructure (PKI): A set of roles, policies, hardware, software, and procedures needed to distribute, use, store, and revoke digital certificates and manage public-key encryption.

Secure Sockets Layer (SSL): The protocol, since succeeded by TLS, that encrypts client-server communication; HTTPS is HTTP sent over it.

The Article

This article is about security, and how it might be implemented in an app where security is important (in an area like FinTech).

Some Options

App Transport Security (ATS)

The Problem ATS Is Trying To Solve

ATS requires that connections made with URLSession use secure HTTPS rather than insecure HTTP. HTTPS uses TLS (SSL) to encrypt ordinary HTTP requests and responses, which makes the connection much more secure.

For “important” connections, for example in banking applications, HTTPS is much preferred because it is a secure connection.

App Transport Security (ATS)

App Transport Security (ATS) is a privacy feature that has been around since iOS 9. It is enabled by default and enforces secure connections as described above; a developer who cannot secure a server by making it conform to HTTPS must opt out explicitly.
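The opt-out lives in the app's Info.plist and can be either app-wide or limited to named hosts. As an added example (not code from the original article), this Python check parses an Info.plist and reports which kind of opt-out it contains; the two sample plists and the host legacy.example.com are constructed, and the key names are Apple's documented ATS keys.

```python
import plistlib

# Constructed sample: blanket opt-out, ATS is waived for every host.
BLANKET = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
  </dict>
</dict></plist>"""

# Constructed sample: ATS stays on; one named host may use cleartext HTTP.
SCOPED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSExceptionDomains</key><dict>
      <key>legacy.example.com</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSIncludesSubdomains</key><false/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

# ATS keys that relax the policy without naming any host.
GLOBAL_KEYS = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsInWebContent",
               "NSAllowsArbitraryLoadsForMedia")

def audit_ats(info_plist: bytes) -> list[tuple[str, str]]:
    """Return (severity, message) findings for ATS opt-outs in an Info.plist."""
    ats = plistlib.loads(info_plist).get("NSAppTransportSecurity", {})
    findings = []
    for key in GLOBAL_KEYS:
        if ats.get(key) is True:
            findings.append(("high", f"{key} waives ATS without naming a host"))
    for host, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = " and subdomains" if rules.get("NSIncludesSubdomains") else ""
            findings.append(("medium", f"cleartext HTTP allowed for {host}{scope}"))
        tls = rules.get("NSExceptionMinimumTLSVersion")
        if tls in ("TLSv1.0", "TLSv1.1"):
            findings.append(("medium", f"{host} accepts {tls}"))
    return findings  # an empty list means the ATS defaults are intact

if __name__ == "__main__":
    for name, sample in (("blanket", BLANKET), ("scoped", SCOPED)):
        print(name, audit_ats(sample))
```

Run against the Info.plist of a built app in CI, a non-empty result gives reviewers a concrete list of hosts that still bypass HTTPS.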

The Implementation

It can be dispiriting to be unable to connect to a server. The message

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure.

will be familiar to many iOS developers. So too will be the solution, which is given in the following article…