Rule Definition
Mobile apps that communicate over the Internet often fail to properly implement SSL/TLS, if they
implement it at all. These failures could leave users’ communications open to interception and even
session hijacking. Using SSL/TLS properly involves careful checking of the server’s certificate chain. Thus,
an app or library that validates SSL/TLS certificates should do the following checks to ensure strong
authentication, confidentiality and integrity.
Reference
https://developer.apple.com/security/
Related Technologies
Technical Criterion
Secure Coding - API Abuse
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.