Too Long; Didn't Read
The content of this blog was presented at /dev/world 2017. Many of the points are still very relevant, but the data will be a bit old. Around 65-70% of all public apps are currently not implementing Application Transport Security correctly because they set NSAllowsArbitraryLoads. Around 100,000 apps are potentially susceptible to downgrade attacks. The worst part: You would never know if the app is not using HTTPS or there’s no. There are no. apps that do not implement HTTPS for a query that looks like it involves a password.
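A way to check an app's own Info.plist for the ATS opt-outs mentioned above, as an added example that is not code from the original talk. The function name `audit_ats` and the sample plist are constructed for illustration; the iOS 10+ rule that narrower keys override NSAllowsArbitraryLoads follows Apple's ATS documentation.

```python
import plistlib

# Constructed sample Info.plist (not taken from any real app).
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.demo</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>legacy.example.com</key>
      <dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
    </dict>
  </dict>
</dict></plist>"""

# On iOS 10+ the presence of any of these keys makes the OS ignore
# NSAllowsArbitraryLoads and fall back to the secure default.
OVERRIDING_KEYS = ("NSAllowsArbitraryLoadsForMedia",
                   "NSAllowsArbitraryLoadsInWebContent",
                   "NSAllowsLocalNetworking")

def audit_ats(plist_bytes):
    """Return a list of ATS findings for one Info.plist (XML or binary)."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        if any(key in ats for key in OVERRIDING_KEYS):
            findings.append("NSAllowsArbitraryLoads set but ignored on iOS 10+")
        else:
            findings.append("ATS disabled globally: NSAllowsArbitraryLoads=true")
    # Per-domain exceptions can reopen cleartext or old TLS for single hosts.
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"cleartext HTTP allowed for {domain}")
        if cfg.get("NSExceptionMinimumTLSVersion") in ("TLSv1.0", "TLSv1.1"):
            findings.append(f"TLS below 1.2 allowed for {domain}")
    return findings

if __name__ == "__main__":
    for finding in audit_ats(SAMPLE_INFO_PLIST):
        print(finding)
```

An empty result means the plist leaves ATS at its defaults; it says nothing about traffic sent through networking code that bypasses the system URL loading APIs.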