Is the Apple App Transport Security feature implemented in CFNetwork or maybe it is a part of sandbox or system ?
App Transport Security (ATS) is enforced by the NSURLSession class and all APIs that use it. ATS is automatically enabled when you link your app against the iOS 9.0 SDK or later or against the macOS 10.11 SDK or later. (The older NSURLConnection class also enforces ATS when you link against the iOS 9.0 SDK or later or against the macOS 10.11 SDK or later.) ATS protections are not available when using lower-level networking APIs provided by Apple, or when using third-party networking libraries. Source
Related
I want to make sure that my iOS app will connect with a defined web server though web api and doesn't have any access to some other domain.
I have tried to implement NSAppTransportSecurity to define my web server domain but it is not working for me and the app can still have an access to other domains as well.
I'm using Alamofire networking library in Swift to make web API requests.
Please guide me whether I can achieve this or not.
Update:
ATS is not working for me with Alamofire library of Swift.
Example:
// This should be accessible from my app only and the app shouldn't send any request to other domains
www.mydomain.com
Update# 2
My Purpose
My aim is to restrict my app to do so because if any opensource framework I use in my app won't be able to access any other web server excepts the one I defined.
It would be great if something I can do in plist or from app settings for the general app target.
It's impossible to restrict/filter the network traffic with ATS.
ATS enforce security policies when loading HTTP- and URL-based resources and doesn't restrict/filter network traffic.
App Transport Security (ATS) is enforced by the NSURLSession class and all APIs that use it. ATS is automatically enabled when you link your app against the iOS 9.0 SDK or later or against the macOS 10.11 SDK or later. (The older NSURLConnection class also enforces ATS when you link against the iOS 9.0 SDK or later or against the macOS 10.11 SDK or later.) ATS protections are not available when using lower-level networking APIs provided by Apple, or when using third-party networking libraries. Source
As of iOS 9, all connections must be secure and follow a certain criteria. However, older apps that use http connections continue to work without an update. Why is this?
According the Documentation ATS is only enabled when you link against iOS 9.0 / macOS 10.11 or later. If you link against an older SDK version your app just continues to work without the ATS requirements.
If you link your app against an SDK for an operating system older than iOS 9.0 or OS X v10.11, your Internet connections continue to work but ATS is disabled, no matter which version of the operating system your app is running on. ATS is not available on operating systems older than iOS 9.0 or OS X v10.11; those older operating systems ignore the NSAppTransportSecurity key.
I am using Adobe Analytics for tagging purpose inside my app, its an old app with library version 3.1.8.
But now Apple is forcing for App Transport Security so how to check weather the library such as Adobe Analytics is ATS compliance and uses SSL in their request.
Any help is greatly appreciated.
As per adobe Website.
https://marketing.adobe.com/resources/help/en_US/mobile/ios/app_transport_security.html
This page refers to 4.7 and later. We can seamlessly configure to support ATS compliance.
Apple was Starting June 1, 2016 all apps submitted to the App Store must support IPv6-only networking.
https://developer.apple.com/news/?id=05042016a
Because the current SDK version is using the NSURLConnection, it does not support the IPv6-only network.
Therefore, the application will be rejected that are using the current SDK version.
Evernote need to develop a new version of the SDK that supports IPv6 using NSURLSession or CFNetwork APIs.
Posted in evernote web site of the forum, but there is no answer from the evernote.
We want to resolve to evernote in a hurry this important issue.
What should I do to hasten a solution to evernote?
I've been trying to modify my project to support WatchOS2 architecture.
Currently I have a networking framework that is based on AFNetworking. I've been using it with my watch app so far.
Now I'm trying to build the framework for watchos/watchsimulator platforms.
What I'm getting is
'SystemConfiguration/SystemConfiguration.h' file not found
error for some AFNetworking classes.
I know that system configuration is not one of the available system frameworks for watchOS2. And for networking apple says:
Networking
Support for network-based operations includes the following technologies:
WatchKit extensions can access the network directly using an NSURLSession object. WatchKit extensions have full access to the NSURLSession capabilities, including the ability to download files in the background. For information on how to use this class, see URL Loading System Programming Guide.
The Watch Connectivity framework supports bidirectional communication between your Watch app and iOS app. Use this framework to coordinate activities between the two apps. For more information, see Communicating with Your Companion iOS App.
I want to support both iOS and watchos for my networking sdk.
Is there a way to make this project built for watchOS platform?
Or is that mean I am only allowed to use NSURLConnection inside my watch app?
According to the AFNetworking documentation:
URL Loading The most commonly used classes in the URL loading system
allow your app to retrieve the content of a URL from the source. You
can retrieve that content in many ways, depending on your app’s
requirements. The API you choose depends on the version of OS X or iOS
your app targets and whether you wish to obtain the data as a file or
an in-memory block of data:
In iOS 7 and later or OS X v10.9 and later, NSURLSession is the preferred API for new code that performs URL requests.
If you take a look at the diagrams on that page, it indicates that AFNetworking actually uses NSURLSession in some cases. However, since the SystemConfiguration framework is not available in watchkit, you would need to remove that dependency in order to include AFNetworking in both your iOS and watchkit apps.
I'm not sure what AFNetworking uses this framework for (it is probably very important!), but if there are certain files that wouldn't need these settings in the watch app you could modify the AFNetworking source code to not include those items on the watch app:
#if os(iOS)
// Include SystemConfiguration framework
#elseif os(watchOS)
// Exclude SystemConfiguration framework
#endif
Here is a recent commit on github for AFNetworking to support watchOS.
https://github.com/AFNetworking/AFNetworking/commit/d184833fa015a783742b573cf48a3080b863a900
Looking at the changelog..
https://cocoapods.org/pods/AFNetworking#changelog
Version 2.6.0 supports watchOS...
This release now supports watchOS 2.0, which relys on target
conditionals that are only present in Xcode 7 and iOS 9/watchOS 2.0/OS
X 10.10. If you install the library using CocoaPods, AFNetworking will
define these target conditionals for on older platforms, allowing your
code to complile. If you do not use Cocoapods, you will need to add
the following code your to PCH file.