ATS in iOS 10

ATS ( App Transport Security) is a good network security policy proposed by Apple in WWDC 15. According to ATS, no security network visiting (aka any web url starting with http://) is settled in iOS 9 by default. Although users can set the “NSAppTransportSecurity” value inside Info.plist to allow Apps connect with no security networks (See my previous post https://blogs.perficient.com/delivery/blog/2015/11/12/three-ways-to-let-ats-work-with-your-http-server-and-ios-apps/)

While in iOS 10, Apple put more restrictions on ATS. According to Apple’s currently announcement, all the applications submit to App Store is not allowed to use “NSAppTransportSecurity” to ignore ATS starting from Jan 1st, 2017. So it is better to make sure all the network visiting should use https in the App. Here is some useful advice to make sure you Apps can submit to App Store successfully:

1. Make sure your App can visit https context, especially those with strong encrypt algorithms (TLS v1.2 and above, AES-128, SHA-2, ECDHC etc.
2. If you still need to use “NSAppTransportSecurity” to disable ATS, please make some additional explanations before submitting to App Store, especially if your App is kind of a browser related App.
3. Use NSExceptionDomains” instead of “NSAllowsArbitraryLoads” hence only allowed some specific none secure http visit inside your App.
4. There is a new key called “NSAllowsArbitraryLoadsInWebContent” in iOS 10, set the value to “YES” so that your App can play online videos even if they are not https related. But please be aware this feature can only be supported by iOS 10 and above.

Revolutionize Your Business With Generative AI

From product design and software development to virtual agents, content creation, and reporting, GenAI is transforming business. Our AI experts help you unlock GenAI’s full potential and drive growth.

Let’s Get Started

In conclusion, ATS has been changed in iOS 10. To successfully submit your App into Apple’s App Store, below is the table you may need to look at first.