Apple has now enabled HTTPS on the App Store login, giving users more security when connecting to the App Store. The issue was reported back in July 2012 by a Google researcher (Elie Bursztein). This was an issue – it made users vulnerable to ‘man-in-the-middle’ attacks where those running a Wi-Fi hotspot can see the data transferred through the connection, and therefore extrapolate usernames and passwords.
HTTPS is very important for mobile services, where users are more likely to connect to unknown Wi-Fi hotspots – most people with laptops/desktops keep their device in one place, and so don’t need to connect to the internet out and about. Facebook and Twitter have now switched over to HTTPS and Google offers a secure web search.
HTTPS is hard for service providers to enable though – although most service providers would love to offer it, it requires significantly more processor overhead. For things like app downloads, where only the information on the app is transferred it doesn’t seem worth encrypting. This is likely why Apple is only securing the log-in part of the App Store, as it’s the only really important bit that needs encryption, especially when e-fraud is still high.