We are planning to enable App Transport Security (ATS) for both the Box mobile app and the Box for EMM app on iOS. This change is aimed at enhancing our security by ensuring all HTTP network requests comply with strict security standards, including requiring a HTTPS connection with a valid certificate.
What is App Transport Security (ATS)?
App Transport Security (ATS) is a security feature introduced by Apple that improves the security of network connections made by apps. It enforces best practices for secure communication between your app and web services by requiring HTTPS (HTTP Secure) connections with specific security requirements. This helps protect your data from being intercepted or tampered with.
Who is impacted?
If your organization is already using a secure login provider, no impact is expected, and no action is required on your part.
However, if your organization is using a login provider or proxy server that does not comply with ATS requirements, users may experience issues, such as difficulty logging in or app functionality degradation.
What to do if your organization is impacted?
Please contact your IT administrator or help desk and inform them that you will experience issues accessing the Box for iOS app due to App Transport Security (ATS) requirements. These are the ATS requirements your login provider will need to meet in order to successfully log in to the Box mobile app.
Is there a workaround once this change goes into effect?
Unfortunately, there is no direct workaround within the Box mobile app and Box for EMM on iOS, as ATS is a security feature that cannot be bypassed. However, impacted users may continue to access their Box files through:
-
Box Web App: Impacted users may access Box through a web browser on their iOS device (e.g., Safari, Chrome) by going to www.box.com.
-
Box Drive: If your organization uses Box Drive on your computer, users may continue to access their content via Box Drive.