Why waste time figuring out whether you should use HTTP or HTTPS? These days there’s no reason not to encrypt – better be on the safe side!
If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible.
And if Apple isn’t enough to persuade you, how about the President of the United States?
On Monday, the White House Office of Management and Budget (OMB) issued the HTTPS-Only Standard directive, requiring that all publicly accessible Federal websites and web services only provide service through a secure HTTPS connection.
The directive follows a period of consultation begun in March, and all publicly accessible Federal websites must comply with it by December 31 2016.
Interestingly, the White House memorandum seems to echo the language of privacy advocates like Edward Snowden, containing the assertion, in bold type:
All browsing activity should be considered private and sensitive.