Apple’s latest iOS release brings the usual mix of new OS features and developer standards. In addition to Multitasking and Picture in Picture, iOS 9 comes complete with a new feature called App Transport Security (ATS). ATS only affects in-app monetization and requires that all connections between an app and the web be made securely using Transport Layer Security (TLS).
This feature applies by default to all apps, whether they are new or updates to existing apps.
How does this change affect publishers?
iOS 9 only allows publishers to monetize in-app inventory with secure ads. ATS is enabled by default and all connections must be made securely via HTTPS. Otherwise, unsecure requests, made using HTTP, will be blocked.
There are ways to prevent interruptions to monetization while still supporting HTTP. Publishers that are supporting iOS 9 have the option of disabling ATS by declaring exceptions or making changes to their apps, however, Apple has made their desire for secure connections clear and the best path forward is adoption.
What do publishers and advertisers need to do?
If you are a publisher:
- You need to ensure your ad requests are secure
- For any private marketplace campaigns, make sure that your advertiser partners are delivering and connecting with secure, HTTPS, protocols
If you are an advertiser:
- Make sure your entire VAST response payload is secure – connections, wrappers, third party tracking, responses and media
- If any part of your connection or creative is not secure, the impression will be counted, but iOS 9 will block the user from viewing your ad
What is SpotX doing to support iOS 9?
When we receive an ad request that requires secure creative, we will pass a flag in our OpenRTB bid request, notifying the DSP that they must return secure creative. We will examine their response and remove any non-compliant bids. Ads that are uploaded/transcoded by SpotX along with their accompanying beacons will automatically be enabled for secure environments, streamlining the process for the advertisers.
For Private Marketplace campaigns, SpotX will only allow demand partners to return securely, and will exclude unsecure connections.
Those who are ready to make the transition to secure can make use of the latest version of the SpotX Mobile SDK (version 2.0+), which has the ability to support secure communications today.
See our post about the shift toward a secure ad environment for more information about SpotX’s support for HTTPS.
Nick Cuniffe, Director, Product Management