IBM Support

IBM MaaS360 apps enforcing Apple ATS requirements

Release Notes


Abstract

Application Transport Security (ATS) is a critical security measure designed to enhance the security of all app communications over HTTPS. MaaS360 is taking steps to ensure its apps are fully compliant with the Apple ATS requirements.

Content

The upcoming versions of MaaS360 apps will enforce ATS requirements. These updated versions will be available on the App Store. This document serves as advance notice to MaaS360 customers regarding the impact and necessary preparations.

Note: The ATS-enforcing MaaS360 apps will be generally available to all customers by default without exceptions. ATS blocks connections that fail to meet minimum security specifications.

MaaS360 apps enforcing ATS requirements

  • IBM MaaS360
  • MaaS360 Browser
  • MaaS360 Secure Editor

Minimum server requirements

This Apple document outlines ATS technical requirements, including server specifications for algorithms, ciphers, and TLS versions: https://developer.apple.com/documentation/security/preventing_insecure_network_connections#3138464

Administrators must ensure that their servers meet the following requirements to establish communication with MaaS360 apps:

  • Use HTTPS for Communication: ATS requires all connections to use HTTPS rather than HTTP. Ensure your server supports HTTPS.
  • TLS Version and Cipher Suite: ATS supports specific versions of the Transport Layer Security (TLS) protocol and specific cipher suites. Ensure your server supports TLS 1.2 or later, and use strong, secure cipher suites to prevent connection failures.
  • Forward Secrecy: Enable forward secrecy on your server to ensure that past communication cannot be decrypted, even if a long-term secret key is compromised.
  • Certificate Validity and Trust: Ensure your server's SSL/TLS certificate is valid and signed by a trusted certificate authority (CA). Self-signed certificates are not allowed by default in ATS.
  • Public Key Pinning (Optional): If your application uses Public Key Pinning, ensure the server is configured with the proper public key pins in its response headers.
  • Content Delivery Networks (CDN): If your application uses a content delivery network, ensure it complies with ATS requirements, including using HTTPS for CDN resources.
  • App Transport Security (ATS) Diagnostic Logs: Check the ATS diagnostic logs on the device for any reported connection issues. These logs can provide detailed information on why a connection might be failing.
  • Stay Informed about ATS Updates: Keep informed about any updates or changes to ATS requirements to maintain compatibility with future iOS releases.
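A server-side pre-check for the TLS version, forward secrecy, and certificate trust items above, as an added example that is not IBM's or Apple's tooling. The function names and sample sessions are assumptions made for illustration, and the ECDHE requirement comes from the Apple document linked above.

```python
import socket
import ssl

def ats_findings(tls_version, cipher_name):
    """Compare a negotiated session with the TLS-version and forward-secrecy
    items above. cipher_name uses OpenSSL naming, as Python's ssl reports it."""
    findings = []
    if tls_version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"{tls_version}: ATS needs TLS 1.2 or later")
    # TLS 1.3 suites always use an ephemeral key exchange. For TLS 1.2,
    # Apple's ATS documentation asks for ECDHE specifically.
    elif tls_version == "TLSv1.2" and not cipher_name.startswith("ECDHE-"):
        findings.append(f"{cipher_name}: no ECDHE forward secrecy")
    return findings

def probe(host, port=443, timeout=5.0):
    """Handshake with host and return (tls_version, cipher_name, findings).
    The default context validates the chain against the system trust store
    and checks the hostname, so a self-signed or expired certificate raises
    ssl.SSLCertVerificationError, which is reported as a finding."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                version, cipher = tls.version(), tls.cipher()[0]
    except ssl.SSLCertVerificationError as exc:
        return None, None, [f"certificate not trusted: {exc.verify_message}"]
    except (ssl.SSLError, OSError) as exc:
        return None, None, [f"handshake failed: {exc}"]
    return version, cipher, ats_findings(version, cipher)

# Constructed sample sessions (not captured from any real server).
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "AES256-GCM-SHA384"),        # static RSA key exchange
    ("TLSv1.1", "ECDHE-RSA-AES256-SHA"),     # protocol too old
]

if __name__ == "__main__":
    for version, cipher in SAMPLES:
        print(version, cipher, ats_findings(version, cipher) or "ok")
```

The suite that probe() negotiates depends on what the local OpenSSL build offers, so a clean result is indicative only. The nscurl diagnostic named in the conclusion remains the test against Apple's own ATS implementation.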

Resources accessed by MaaS360 apps

Administrators can verify ATS compliance for various resources used by MaaS360 apps, including:

IBM MaaS360 for iOS app:

  • Email server configurations
  • Proxy/Load Balancers
  • Document Sources and External document links shared using Admin Pushed docs

MaaS360 Browser app:

  • Website access (Internal websites [MEG]/External websites)
  • File Downloads

Admin actions to verify ATS compatibility on all user domains

To validate ATS compatibility for all user domains, administrators can use the following methods:

Mac users:

Windows users:

MaaS360 supported versions for ATS:

MaaS360 updates the following iOS apps on the App Store to support ATS:

  • IBM MaaS360 5.80.10+
  • MaaS360 Browser 3.94.3+
  • MaaS360 Secure Editor 3.50.5+

Conclusion

To ensure compliance with Apple's ATS requirements, MaaS360 administrators must review server specifications, test the ATS-enforcing MaaS360 apps in their TestFlight environment, and diagnose any potential ATS connection issues using Apple's nscurl tool. Additionally, administrators should monitor MaaS360 communication channels and regularly review Apple's ATS documentation to stay informed about future updates.

Document Information

Modified date:
21 June 2024

UID

ibm17106760