Want CNET to notify you of price drops and the latest stories?

Google bakes security into new .app internet domain

The new online real estate makes website encryption mandatory. The idea is to give app developers a more trustworthy home on the web.

Stephen Shankland principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science Credentials
  • I've been covering the technology industry for 24 years and was a science writer for five years before that. I've got deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and other dee
Stephen Shankland
2 min read
Google headquarters in Mountain View, California

Google headquarters in Mountain View, California

Stephen Shankland/CNET

Google took a new step Tuesday in its effort to curtail internet skullduggery, opening up its .app online real estate that requires the kinds of encrypted connections that can thwart such problems.

The .app domain is one among many joining traditional top-level domains like .com and .net. But Google, the winning bidder among several for .app, wants it to be something of a safe haven. Encryption secures data so prying eyes can't see it and middlemen can't interfere with it, and Google requires the use of HTTPS encryption technology for .app websites.

Encrypted communications used to be slower and more expensive on the internet, but the technology has grown faster and cheap as it spread from early uses like e-commerce. Now it's commonplace for connections to communication services, news sites and search engines.

Google is touting .app for developers looking for a website to promote their apps. Among those that signed up so far are picnic.app, cash.app, podcast.app and pickle.app.

"You can use your new domain as a landing page to share trustworthy download links, keep users up to date, and deep link to in-app content," Google domains leader Ben Fried said in a blog post. "HTTPS is required to connect to all .app websites, helping protect against ad malware and tracking injection by ISPs, in addition to safeguarding against spying on open Wi-Fi networks. Because .app will be the first TLD [internet top-level domain] with enforced security made available for general registration, it's helping move the web to an HTTPS-everywhere future in a big way."

Offering encrypted websites has been getting easier in part through an effort called Let's Encrypt, sponsored by Google, Mozilla, Facebook, Cisco Systems, Akamai and other tech powers. It provides for free the digital certificates necessary to run an encrypted site.

Google's .app domain uses technology called HSTS (HTTP Strict Transport Security) that requires an encrypted HTTPS connection, and sites on the .app are automatically on major browsers' HSTS preload list that adds an extra layer of protections.

The same advantages encryption brings to consumers make life harder for governments that want to track people. That can stymie criminal investigations, but it also makes it more difficult for authoritarian governments to crack down.

Follow the Money: This is how digital cash is changing the way we save, shop and work.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.