App Transport Security (ATS) & iOS 9
THARUN MENON
Senior iOS Consultant @ TCS | Ex-UST | Swift | Objective-C | SwiftUI | MAC OS | Git | Agile
In iOS 9, Apple added a new feature called App Transport Security (ATS). It enforces best practices during network calls, including the use of HTTPS.
Apple's documentation states:
"ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS, regardless of whether you’re creating a new app or updating an existing one.
If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible."
What is App Transport Security?
ATS is a feature that requires an app to communicate with its external servers over HTTPS. It is configured through a declaration in the app's Info.plist file. ATS improves security for Apple developers and users because it prevents accidental disclosure by apps and provides a secure default environment.
ATS is a mandatory feature in iOS 9 and OS X 10.11, so developers need to migrate from HTTP to HTTPS. Apple may reject applications that are not secured with HTTPS.
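Steps for migrating to HTTPS:
You can follow these easy steps.
1. Add the following to your Info.plist:
NSAppTransportSecurity --> Dictionary (then add the sub-item below to it)
NSAllowsArbitraryLoads --> Boolean --> YES
Setting NSAllowsArbitraryLoads to YES switches ATS off for every domain that has no exception of its own, so the app can keep making plain HTTP calls while its servers are moved to HTTPS.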
2. We can also use other steps for migrating (optional):
Add the key below to your Info.plist and then test the app.
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>
We can also add an exception for a specific domain:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>testdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <false/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
        </dict>
        ...
    </dict>
</dict>
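To review which ATS settings an Info.plist actually relaxes before shipping, the keys above can be checked with a script. This is an added example, not code from the article or from Apple; the function name audit_ats, the sample plist and the list of recognised per-domain keys are assumptions made for illustration.

```python
import plistlib

# Constructed sample Info.plist (not from the article): a global opt-out,
# one weakened exception domain, and one misspelled key.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>NSAppTransportSecurity</key><dict>
  <key>NSAllowsArbitraryLoads</key><true/>
  <key>NSExceptionDomains</key><dict>
   <key>testdomain.com</key><dict>
    <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
    <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
    <key>NSExceptionRequiresForwardSecrecy</key><true/>
    <key>NSIncludeSubdomains</key><true/>
   </dict>
  </dict>
 </dict>
</dict></plist>"""

# Per-domain keys this check knows (assumption: the documented ATS exception keys).
SUFFIXES = ("AllowsInsecureHTTPLoads", "MinimumTLSVersion", "RequiresForwardSecrecy")
KNOWN = {"NSIncludesSubdomains", "NSRequiresCertificateTransparency"} | {
    p + s for p in ("NSException", "NSThirdPartyException") for s in SUFFIXES}

def audit_ats(plist_bytes):
    """Return (scope, key, reason) tuples for ATS settings that need review."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("global", "NSAllowsArbitraryLoads", "ATS off for all unlisted domains"))
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        for key, value in cfg.items():
            if key not in KNOWN:
                findings.append((domain, key, "unrecognised key, check spelling"))
            elif key.endswith("AllowsInsecureHTTPLoads") and value is True:
                findings.append((domain, key, "plain HTTP allowed"))
            elif key.endswith("MinimumTLSVersion") and value in ("TLSv1.0", "TLSv1.1"):
                findings.append((domain, key, "TLS below 1.2 allowed"))
            elif key.endswith("RequiresForwardSecrecy") and value is False:
                findings.append((domain, key, "forward secrecy not required"))
    return findings

if __name__ == "__main__":
    for scope, key, reason in audit_ats(SAMPLE):
        print(f"{scope}: {key}: {reason}")
```

A strict exception entry (TLSv1.2, forward secrecy required, insecure HTTP loads set to false) produces no findings, so anything the script prints is a setting that loosens the ATS defaults or a key that needs its spelling checked.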