D001: App Transport Security (ATS)

AdminStudio 2023 | 25.0 | Application Manager

D001 scans the app to determine if App Transport Security (ATS) is disabled.

Starting in OS X v10.11, a new security feature called App Transport Security (ATS) is available to apps and is enabled by default. It improves the privacy and data integrity of connections between an app and web services by enforcing additional security requirements for HTTP-based networking requests. Specifically, with ATS enabled, HTTP connections must use HTTPS (RFC 2818). Attempts to connect using insecure HTTP fail. Furthermore, HTTPS requests must use best practices for secure communications.

AdminStudio examines the application’s metadata to determine if the feature is part of the application’s primary functionality, and whether it calls the feature’s APIs.

Test Group/Test Category

Risk Assessment/Desktop Risk Assessment/macOS Risk Assessment

Severity

•

If the application requires the feature as part of the application’s primary functionality, an Error is generated.

•

If the application calls the feature’s APIs, a Warning is generated.