You may or may not be aware of a years-old App Store security flaw that allows potential identity thieves to access account information by exploiting unencrypted connections when a victim accesses Apple’s App Store. Well, it looks like Apple has finally ticked the issue off of its to do list, and enabled encryption when a device tries to connect to its application marketplace.
The problem with Apple’s old connection was that it meant the knowledgeable hacker could take over your connection and access your Apple ID, freely stealing passwords and racking up huge bills on ridiculously expensive software. All the hacker would have needed was the same Wi-Fi network before making off with your account details and leave you with some pretty serious, non-refundable app purchases.
Funnily enough, the bug was discovered last July by Google employee Elie Bursztein, who stumbled upon it in his spare time. He also stated that “Many companies don’t realize that HTTPS is important for mobile apps,” and went on to explain how if the apps rely on Webviews or Web connections, they are vulnerable to attacks.