iOS App Transport Security – Enforced from 2017 for Apple app submissions

The ATS requirement is here.

https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW59
(Section NSAppTransportSecurity)

In summary, this is what we need to do in the apps:

1. Change every URL to https.
2. Ensure the TLS version is TLS 1.2.
3. Ensure the certificate used for server-to-client communication is trusted.

How do we detect if a URL is ATS compliant?

The nscurl tool on OS X El Capitan supports diagnosing ATS secure connections.

For example, /usr/bin/nscurl --ats-diagnostics https://www.example.com will display ATS connection information for https://www.example.com. Run /usr/bin/nscurl -h for more information.

This tool prints PASS / FAIL information for each test. Ensure the result is PASS for the test whose diagnostic dictionary has NO exceptions specified.

To view the certificate information for a particular domain, or to test the connection, the TLS tool is a good utility:
https://developer.apple.com/library/content/samplecode/sc1236/Introduction/Intro.html#//apple_ref/doc/uid/DTS40014927-Intro-DontLinkElementID_2

Does it affect Socket communication?

Below is the answer from Apple staff (https://forums.developer.apple.com/thread/48979)

Right now ATS is only enforced by our high-level APIs (NSURLSession, NSURLConnection, and anything layered on top of those), and there’s been no announcements about that changing.

Keep in mind, however, that ATS’s enhanced security requirements are not arbitrary; they are defined to give your users a good level of security on an increasingly hostile Internet. As such, your app should aim to comply with these requirements even if ATS is not actively enforcing them.


IPv6 network not available issue

// Belongs in the Reachability class implementation; needs <netinet/in.h> and <UIKit/UIKit.h>.
+ (instancetype)reachabilityForInternetConnection
{
    Reachability *reach = nil;
    NetworkStatus status = NotReachable;

    // Probe with the IPv4 zero address (0.0.0.0) first.
    struct sockaddr_in zeroAddress;
    bzero(&zeroAddress, sizeof(zeroAddress));
    zeroAddress.sin_len = sizeof(zeroAddress);
    zeroAddress.sin_family = AF_INET;

    reach = [self reachabilityWithAddress:(const struct sockaddr *)&zeroAddress];

    if (reach != nil)
    {
        status = [reach currentReachabilityStatus];

        if (status != NotReachable)
        {
            NSLog(@"Connected to Ipv4 Environment");
            return reach;
        }
    }

    // Below iOS 9, fall back to an explicit IPv6 probe.
    if ([[UIDevice currentDevice].systemVersion floatValue] < 9.0)
    {
        // Check whether you are in an IPv6 environment
        struct sockaddr_in6 zeroAddress1;
        bzero(&zeroAddress1, sizeof(zeroAddress1));
        zeroAddress1.sin6_len = sizeof(zeroAddress1);
        zeroAddress1.sin6_family = AF_INET6;

        reach = [self reachabilityWithAddress:(const struct sockaddr *)&zeroAddress1];

        if (reach != nil)
        {
            status = [reach currentReachabilityStatus];

            if (status != NotReachable)
            {
                NSLog(@"Connected to Ipv6 Environment");
            }
        }
    }

    // May still report NotReachable; the caller checks the status.
    return reach;
}

App Store upload failure – armv6

Xcode 4.5 and above do not support the armv6 architecture.

Xcode 4.2 – You can create a build that supports the armv6 architecture, but you have to follow the steps mentioned in the following forum thread.

http://stackoverflow.com/questions/4198676/warning-iphone-apps-should-include-an-armv6-architecture-even-with-build-config

The iPhone 5 does not support armv6 and has a new architecture, armv7s.

Apple's servers also have issues sometimes: https://discussions.apple.com/thread/3822193?start=0&tstart=0