Linked by Thom Holwerda on Thu 27th Aug 2015 17:28 UTC
Google

While Google remains committed to industry-wide adoption of HTTPS, there isn't always full compliance on third party ad networks and custom creative code served via our systems. To ensure ads continue to serve on iOS9 devices for developers transitioning to HTTPS, the recommended short term fix is to add an exception that allows HTTP requests to succeed and non-secure content to load successfully.

Confirmed: Google wants me to switch to iOS.

Disgusting.

Permalink for comment 616795
To read all comments associated with this story, please click here.
So whats the problem? yes there is one...
by le_c on Fri 28th Aug 2015 03:12 UTC
le_c
Member since:
2013-01-02

Had to think about it a bit but that what I think:
It doesn't matter if I get scammed by an ad with secure or insecure connection. So thats not a real problem. However, by this hack you disable a security measurement that prevents that you accidentally leave a secure environment and leak confidential data. For example, if the app accidentally access some parts of a service through http. And thats a problem!

Btw. anyone an idea if ads can somehow access private "session" data? Or is there some security model for that?

Reply Score: 2