Almost half a year after Apple was informed of a security flaw in its App Store, the company has finally turned on encryption to protect iOS users from potential security and privacy breaches over Wi-Fi.

Apple has at last fixed the security problem that for years let attackers steal user passwords and install unwanted or exceptionally expensive applications.

Whenever an Apple device connected to the App Store, an attacker on the same network could hijack the connection. This security lapse existed only because the company did not use encryption for its App Store traffic. The unencrypted connection also exposed the device's privacy, since the list of applications installed on the device could be read over Wi-Fi.

The security flaw allowed attackers to install unwanted and extremely expensive apps, priced at up to $999.99, on the device without the user's permission, with severe repercussions because Apple does not guarantee refunds. To do this, an attacker only needed to be on the same public or private network, such as a hotel, airport or coffee-shop Wi-Fi.

Elie Bursztein, a security researcher, discovered the vulnerability and informed Apple of it last July. Apple resolved the problem recently, saying in an update that the content will now be served over HTTPS, making the connection secure by default. The company also expressed gratitude to Bernhard Brehm of Recurity Labs and Rahul Iyer of Bejoi.

Earlier this morning, company officials refused to answer a query from CNET asking what took Apple so long to resolve the security problem with its App Store.

Bursztein, a Google employee, revealed the details of the App Store vulnerability on his personal blog and uploaded a video showing how an attacker steals passwords and installs unwanted apps.

In his disclosure of Apple's security lapse, Bursztein emphasized the importance of encrypted HTTPS connections and said that most companies are unaware of how important HTTPS is for mobile apps. He further explained that exposure to such attacks is higher when companies rely on plain web connections or web views. "Providing a concrete example seems a good way to attract developer attention to the issue."
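The point Bursztein makes above is that content a mobile app loads, including what it renders in a web view, must be fetched over HTTPS rather than plain HTTP, or anyone on the same Wi-Fi can read and rewrite it. The following added example (not code from the article, from Apple or from Bursztein) shows the two checks a defender would put in front of such a fetch: a URL policy that refuses non-HTTPS content and hosts outside an allow-list, and a TLS context that actually verifies the server certificate and hostname. The host names and URLs are constructed for the example.

```python
"""Enforce HTTPS for content an app loads (constructed example, not Apple's code)."""
import ssl
from urllib.parse import urlsplit

# Constructed allow-list: the hosts this hypothetical app is expected to talk to.
ALLOWED_HOSTS = {"store.example.com", "cdn.example.com"}


def check_content_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return (ok, reason). A URL is accepted only if it is HTTPS, carries no
    embedded credentials, and points at a host on the allow-list."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        # Plain http:// is exactly the exposure described in the article:
        # anyone on the same Wi-Fi can read or rewrite the response.
        return False, "scheme %r is not https" % parts.scheme
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    if parts.hostname.lower() not in allowed_hosts:
        return False, "host %r not in allow-list" % parts.hostname
    return True, "ok"


def strict_tls_context():
    """Build a TLS context that refuses unverified certificates and hostname
    mismatches, so 'https' in the URL actually means an authenticated server."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def tls_context_is_strict(ctx):
    """True when the context verifies the peer certificate and its hostname."""
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED


def audit_urls(urls):
    """Run the policy over a list of URLs an app is about to load; returns
    the rejected ones with their reasons, for logging or a failing CI check."""
    rejected = []
    for url in urls:
        ok, reason = check_content_url(url)
        if not ok:
            rejected.append((url, reason))
    return rejected


if __name__ == "__main__":
    # Constructed sample of URLs an app might embed; only the first should pass.
    sample = [
        "https://store.example.com/apps/featured",
        "http://store.example.com/apps/featured",
        "https://user:secret@cdn.example.com/banner.png",
        "https://tracker.example.net/pixel",
    ]
    for url, reason in audit_urls(sample):
        print("REJECT", url, "->", reason)
    print("strict TLS:", tls_context_is_strict(strict_tls_context()))
```

In practice the URL check runs before any web view or HTTP client is handed a URL, and the TLS context is what the client is configured with; disabling certificate verification in the client would silently undo the second half of the protection.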

This is not the first time he has exposed flaws in widely used systems. As a postdoctoral researcher at Stanford University, Bursztein published work showing defects in CAPTCHAs and in the web interfaces of embedded devices. Two years ago at the Defcon conference in Las Vegas, he showed how the default Windows encryption that browsers, instant messaging clients and other programs use to store user passwords can be bypassed.

Bursztein's blog post comes a day after Apple's chief marketing officer, Phil Schiller, took a security-related swipe on Twitter by pointing to a report on the rise of Android malware.