Apple App Store should have had HTTPS encryption from the start, developers say

The fact Apple (NASDAQ:AAPL) took at least six months to plug what many see as a major security hole in its App Store both shocked and appalled developers who took to social media to suggest consumers should expect more from the company.

A blog post from Google researcher Elie Bursztein set up a wave of online comments after he reported that Apple had decided to use HTTPS encryption in the App Store earlier this month. Without it, Bursztein said anyone trying to purchase apps through the store using public Wi-Fi networks easily could have his password or sensitive information stolen.

Though HTTPS is well known as a security mechanism across the IT industry, many developers seemed to assume that Apple was already using it to protect those downloading their apps.

On the security site CyberCrimesUnit, blogger Paul Ducklin captured much of the popular sentiment by framing the issue around Apple's dominance in the app ecosystem and its role as gatekeeper to much of what's used on smartphones.

Quote MarkSince there's no other place to shop when you're buying or selling iDevice software, and since Apple likes it that way, you might think that Cupertino would have set the bar a bit higher," wrote Ducklin. "You might also have expected Apple to react a bit more quickly after Dr. Bursztein's fairly detailed explanations of why the bar really needed to be higher."

Indeed, many developers and industry observers who were aware of the issue were less than impressed by Apple's decision to take action.

And unfortunately, though the App Store may be more secure, the company may have to work harder to rebuild relationships, both among consumers and iOS developers.