Image from video demonstrating a password attack that was possible because Apple didn't encrypt traffic traveling between its App Store and end users. Elie Bursztein For the past nine months—and possibly for years—Apple has unnecessarily left many of its iOS customers open to attack because engineers failed to implement standard technology that encrypts traffic traveling between handsets and the company's App Store. While HTTPS-encrypted communications have been used for years to protect attackers from intercepting and manipulating sensitive traffic sent by online banks and merchants, the native iOS app that connects to Apple's App Store deployed the protection only recently.