How to Navigate the .APP Domain Launch by Google Registry

By Connie Hon

Corporations experienced an avalanche of new generic top-level domains (gTLDs) between 2013 and 2015 when almost 90% were launched. At the time of writing, there are a total of 526 open new gTLDs available to register—and most could be categorized by the industry as “verticals,” appealing to different segments of global domain registrants.

In 2015, Google® Registry won the rights to operate .APP through an Internet Corporation for Assigned Names and Numbers (ICANN) auction. Google’s winning bid of just over $25M beat 12 other bidders including® and Donuts, and set a new record for new gTLD auction value. Google has chosen to launch .APP at a time when new gTLD launches are sporadic—March 29, 2018.

As more corporations employ mobile apps [1], and as web applications become increasingly synonymous with the internet, .APP is seen as an important Top Level Domain (TLD) that could be used by most companies regardless of the industry they are in. For that reason, global corporations have been paying attention to the .APP launch to review whether it’s a relevant TLD to add to their domain portfolio.

If you’re considering an .APP domain, here are some ways CSC® suggests using it:

  • To create an intuitive domain name specifically for web applications

Mapping your .APP to web applications is one intuitive way to use .APP domain names. Used in this way, web applications can be set apart from corporate and information websites. This may make it easier to manage portfolios of web apps internally, separate from domain portfolios, allowing you to better categorize digital assets, maintain web applications, and effectively communicate future web apps.

  • To act as a gateway to authentic apps

.APP websites could be used as a directory to showcase the brand’s authentic mobile apps under one roof. Visitors to such a website can be directed to download the brand’s authentic iOS and Android mobile apps from the Apple® App Store or Google® Play amongst others. Left on their own to search for your brand’s apps, users may end up downloading fake apps that may even contain malware, and that could greatly jeopardize user experience, the security of your authentic apps, and brand reputation.

  • To defend core brands and trademarks

Names matching core brands and existing applications could be registered defensively using the .APP domain. Domain ownership is really the best defense against cybersquatters, domain name disputes, fake sites, and potential loss in valuable web traffic. Having said that, it is important to know budget for registration and renewal costs of any potential defensive domain names. Once these domain names are secured, they could be configured as redirects or microsites to the corporation’s home site or the matching app. With no pricing difference between Sunrise and General Availability, brands should consider securing their .APP domains in the earliest possible phase.

The .APP domain name also has some specific security requirement and user expectations:

  • To align with security standards in browsers

Configuring an .APP domain name for use requires that HTTPS is configured—which means implementing secure sockets layer (SSL) certificates. Google has hard-coded this requirement in the .APP zone so that data exchange on any .APP websites are securely encrypted since .APP domains could be used to collect personally identifiable information. Last year, major internet browsers including Google started to display websites without a valid SSL as insecure.

  • To meet consumer expectations

Consumers are learning to be discerning before trusting any website. For example, internet banking customers are educated to scrutinize websites to ensure they are not on a phishing site. In most cases, internet visitors know they shouldn’t just click any pop-up or liberally accept cookies, and as aforementioned, browsers are now discouraging visitors from visiting websites that don’t have an up-to-date SSL certificate. Consumers are more aware of online security, and will associate high levels of website security with greater trustworthiness, therefore, it’s crucial for corporations to meet the expectations of their increasingly discerning customers.

Google has its foot firmly set in the domain name business. In addition to operating .APP, they currently have applications in for 101 new gTLDs, plans to operate at least 19 open new gTLDs—four of which have been launched—operate 20 .brands, and have created the registry Nomulus. Google will play a big part in future developments on the internet, just as they have led the way with several developments in search. From this perspective, it makes complete sense to align with what Google requires for SEO purposes and web security, while at the same time using .APP domains to your best advantage.

.APP security requirement

.App is a secure namespace, meaning that HTTPS is required for all .app websites. This is achieved through applying the relevant SSL certificate.

.APP launch schedule

Phase Priority Starts Ends Requirements Recommendations
Sunrise phase First come, first serve 29 March 2018 @ 16:00 UTC 30 April 2018 @ 16:00 UTC A valid trademark with the Trademark Clearinghouse with a sunrise eligible SMD file Trademark holders should place their order as early as possible to avoid losing out to competing rights holders
Early Access phase First come, first serve 1 May 2018 @ 16:00 UTC 8 May 2018 @ 16:00 UTC No eligibility requirements except the security requirement The cost of registration decreases daily
General Availability


First come, first serve 8 May 2018 @16:00 UTC Ongoing No eligibility requirements except the security requirement Competition is expected to be tough for terms not secured during the Sunrise; we recommend queuing up desired registrations early

The .APP domain is available in all phases on a first come, first serve basis.  Contact CSC today to find out how you can secure your .APP domain name and the required SSL certificate needed to take your .APP site live.

[1]The third edition of the Mobile Security and Risk Review by MobileIron finds that almost 80% of companies are using more than 10 mobile apps for business.