Google launches .app domain with HTTPS

A few months back Google launched its much-hyped .app TLD (Top Level Domain). Google employee, Ben Mcllwain, who is Lead Engineer at Google Registry, and Adrienne Porter Felt, Engineer(ing Manager) at Google Chrome gave an in-depth technical talk while launching the service.

.app is a website dedicated to the activities of apps. It was available for registry since May 7, via Google’s Early Access Program.

Introducing .app, Ben Mcllwain said, “Today, we’re launching the world’s first entirely secure, all HTTPS open TLD. .app is a new home on the web for mobile apps, web apps, progressive web apps, desktop apps, app developers and anything related to apps.”

The .app gTLD (generic Top Level Domain) was bought by Google’s Charleston Road Registry Inc. company, for a record US $25 mil in the February of 2015. This is the most any company has spent in an ICANN auction to buy a gTLD. In the process, Google won over 12 other competitors, including Dot App LLC, Dot App Inc., and Amazon.

A gTLD is used to identify what domain class the website is associated with. The .com of google.com is called the TLD.

What’s in it for the user?!

The .app gTLD enables anyone, app developers or individuals, to go ahead and register themselves through any domain registrar.

We’ve been seeing a trend where more and more people have been using smartphones and tablets to do searches. .app is believed to be a creative way to promote apps. The domain can be used to project in-app content, updating users on a frequent basis. It can also be used as a landing page for in-app content.

.app has been launched as an open TLD, meaning anyone can register themselves without restriction, starting May 8, 2018. The launch site is get.app. Given that there are lots and lots of domain names available for selection for the user, the FCFS (First Come First Serve) policy holds good here.

As a result of the launch of .app, domain names have become simplified. For instance, a website ‘cookieapp.com’ becomes ‘cookie.app’. This simplification enables users to find their web/mobile app more easily on a browser, rather than surfing the app store, where there may be loads of similar apps.

The addition of HTTPS

The thing that captured the attendees’ attention at the launch ceremony, was when the speakers announced that the .app domain is the first of its kind TLD enforcing strict HTTPS connections.

Adrienne said that Google had for a long time, been pushing for HTTPS adoption. HTTPS (Hyper Text Transfer Protocol Secure) encrypts all the information that is exchanged between the user and the server. This is achieved using HSTS (HTTPS Strict Transport Security). HSTS is a web server directive that helps prevent websites from cookie hijacking and protocol downgrade attacks.

HSTS is a response header that enforces an HTTPS connection, even if the user specifies HTTP in his/her search. Under Google’s .app TLD, HSTS preloading is enabled. Here, the browser knows that the host needs an SSL/TLS before the connection occurs. So while redirection takes place from HTTP to HTTPS, a possible hacking attempt can be avoided.

HTTPS prevents hackers from eavesdropping or modifying the user’s information while it is in transit between the user and the web server while using WiFi networks. Google claims that security is the big win for .app.

HTTPS provides authenticity, i.e., it prevents ad injection. It also provides access to powerful APIs, which are new web features available only over HTTPS. This is expected to promote the usage of HTTPS among all web developers.

Google also announced that all HTTP pages will be labeled ‘Not Secure’ in Chrome 68.

In order to showcase the benefits of using the HTTPS protocol with .app, Google had already given express consent for a selected group of companies ( Call App, Cash App etc.) to register themselves on the .app platform. This has kickstarted an online war for obtaining the best and most relevant domain names for various app developers.

As HTTPS registrations become more sought after due to their security features, websites without HTTPS will be easily downranked, according to Google’s policy from 2015.

Google claimed that while in 2016, only 25% of the top 100 sites supported HTTPS by default, the number now sits at 83%. Surely, HTTPS is here to stay.

HTTPS certificates can be obtained online, from websites such as SSL2BUY at Cheapest price.

The .app website

The get.app website lists the different benefits of .app, which include getting a memorable domain name. This should definitely interest app developers, though the usage of the .app domain is not limited to apps alone.

Get.app also contains a few success stories – some successful registries on .app, and links to their .app domain. Anyone who is interested can search for domain names and check availability.

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers