HTTPS Everywhere … Kind Of
But why does Google care about an OS release in Apple’s world?
That’s because AdMob, Google’s mobile ads SDK, services developers across the entire ecosystem, Android and iOS alike. AdMob works with a long list of ad networks, all of which need to update their SDKs in order to serve securely and accommodate the iOS release.
ATS will be automatically enabled for all new apps developed for iOS 9 or for any existing apps being updated to run on iOS 9.
In an Aug. 26 blog post, Google provided developers using AdMob with what Google referred to as a “recommended short-term fix” in the form of a snippet of code that would essentially disable the ATS privacy feature by adding an exception to allow nonsecure content, aka ads.
Developers monetizing through AdMob who either aren’t ready for HTTPS – or aren’t confident that all of their third-party partners are ready – can add the exception so that there’s no disruption to the ad flow between AdMob and their apps.
Google, for its part, has vocally embraced the concept of HTTPS. Earlier this year, Neal Mohan, Google’s VP of display advertising products, and Jerry Dischler, VP of product management for AdWords, wrote in a blog post that by June 30 they expected “the vast majority” of mobile, video and desktop display ads served to the Google Display Network, AdMob and DoubleClick publishers to be encrypted.
But judging from Google’s Aug. 26 post, that doesn’t appear to be the case: “While Google remains committed to industrywide adoptions of HTTPS,” the company wrote, “there isn’t always full compliance on third-party ad networks and custom creative code served via our systems.”
Although Google has designated itself as a leader in the move toward wide adoption of HTTPS – in April 2014, for example, Google announced that it had started running tests around using HTTPS as a ranking signal for search – it’s a stance that fits more snugly into Apple’s ethos around privacy and tracking.
Take Apple CEO Tim Cook’s acceptance speech at the Electronic Privacy Information Center Champions of Freedom Awards dinner in June.
“I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information,” Cook said. “They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong.”
Although not mentioned by name, Google was clearly one of the companies to which Cook was referring.
While it would be naive to say that Apple is positioning itself as a defender of privacy purely on moral grounds – ”Apple cares about shipping more iPhones, and if security is the main draw for their customers, that’s what they’ll focus us,” said Weber – Apple is arguably more convincing as a protector of privacy than Google.
As one commenter observed in businesslike tones on Hacker News, a Reddit-like site hosted by startup incubator Y Combinator: “Google’s intent is very straightforward: to disable TLS in the interest of their ad business. … You shouldn’t compromise app security in the interest of letting ad networks continue to serve unencrypted content to your users’ devices.”