iOS 9 App Transport Security issues different in simulator and device - ios

Upon running my app in the iOS 9 simulator, I get App Transport Security related issues because some of my URLs are not using HTTPS. I tried it on an iPad with iOS 9 and it's working fine.
Upon release of iOS 9, should I expect my live app (SDK 8) to fail on iOS 9 devices? Just making sure that late App Store updates are safe.
Thanks!

Reference
If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file.

I have written a summary and ways to check the acceptability of a web service for iOS 9's App Transport Security:
https://medium.com/#Mrugraj/app-transport-security-b7910c4fc70f
There are two ways:
Using curl:
$ curl -v https://github.com/
Trying 192.30.252.130...
Using an online tool like https://www.ssllabs.com/ssltest/index.html

Related

SSL error has occurred and a secure connection to the server cannot be made iOS 13.3.1

I am getting an SSL error only when using WordPress for iOS. I cannot view nor connect to my WordPress site from my iOS devices. After over a week of troubleshooting with my host and WordPress for iOS, the issues still persist and no one seems to be able to figure out what the problem is.
iOS has new TLS restrictions as of iOS 13. I created a package written in Obj-C to handle sockets, and I also included a lot of good info in the readme about how to correctly configure certificates given the new restrictions.
https://github.com/eamonwhiter73/IOSObjCWebSockets/tree/master

How to make mobile applications install and run in China? Any option for the app to work without using VPN?

Recently, I gave an iOS build to my client to test an app. I built it using Unity and ARKit. According to the client's feedback, he downloaded the application but the app is not initializing. In order for the app to initialize, it requires an Internet connection. I used a plugin in my app; when I contacted them, they told me that they are using Google's Firebase in their backend. Is this the reason that the app has been blocked, or are there any other issues? Any suggestions?
By the way, my client cannot use a VPN. Is there a way to run something in code to change to VPN?

iOS - Restrict App to send request on some domain Web API swift

I want to make sure that my iOS app will connect to a defined web server through a web API and doesn't have any access to other domains.
I have tried to implement NSAppTransportSecurity to define my web server domain, but it is not working for me and the app can still access other domains as well.
I'm using Alamofire networking library in Swift to make web API requests.
Please guide me whether I can achieve this or not.
Update:
ATS is not working for me with Alamofire library of Swift.
Example:
// This should be accessible from my app only and the app shouldn't send any request to other domains
www.mydomain.com
Update #2
My Purpose
My aim is to restrict my app in this way so that any open-source framework I use in my app won't be able to access any web server except the one I defined.
It would be great if there is something I can do in the plist or from the app settings for the general app target.
It's impossible to restrict/filter the network traffic with ATS.
ATS enforces security policies when loading HTTP- and URL-based resources and doesn't restrict/filter network traffic.
App Transport Security (ATS) is enforced by the NSURLSession class and all APIs that use it. ATS is automatically enabled when you link your app against the iOS 9.0 SDK or later or against the macOS 10.11 SDK or later. (The older NSURLConnection class also enforces ATS when you link against the iOS 9.0 SDK or later or against the macOS 10.11 SDK or later.) ATS protections are not available when using lower-level networking APIs provided by Apple, or when using third-party networking libraries. Source

Would it be necessary for ios webview to use https when Apple requiring mandatory use of https?

Current situation:
Not long ago, Apple delayed the mandatory use of https.
Our app that has been released is not fully forced to use https, because some requests in webView do not support https yet.
Questions:
If the requirement of using https was necessary, then could I still use http in webView by setting the “Allow Arbitrary Loads in Web Content” as “YES” and setting the “Allow Arbitrary Loads” as “NO”?
In addition, would the requirement impact the app that has been released already?
If you are using UIWebViews or WKWebViews, you could use the NSAllowsArbitraryLoadsInWebContent exception to allow any http connection in your webviews. However, note that this would only help for devices running iOS 10 and greater. If your app supports iOS 9, and you only include the web content exception, iOS 9 users will not be able to load sites that use http. In order to support both, Apple has a combination where you set both NSAllowsArbitraryLoadsInWebContent and NSAllowsArbitraryLoads in your Info.plist. This will basically disable App Transport Security (ATS) on iOS 9 devices, but in iOS 10, the NSAllowsArbitraryLoadsInWebContent setting will override the NSAllowsArbitraryLoads setting, meaning http and non-ATS compliant connections will only be allowed in WebViews.
I would recommend that if you allow the user to do web browsing to arbitrary sites within your app, you should consider switching to SFSafariViewController. It does not require any ATS exceptions, because it is essentially embedding Safari within your app, but as a separate process. If you can't control the sites your users can go to, it provides flexibility while giving them the best experience.
As for apps already in the store: if the app was compiled with a base SDK prior to iOS 9, the ATS protections would not have been baked in. The app should run fine on iOS 9 and iOS 10. You can confirm by installing the app from the App Store on an iOS 9 or 10 device and confirming you can hit http:// URLs.
Just understand that Apple did not delay the requirement for using https - ATS is active on devices running iOS 9 and up, for apps that were compiled with iOS 9 or greater base SDK. What they delayed was the need to provide justification when using the NSAllowsArbitraryLoads exception. That check is done when you submit the app to Apple. No existing apps in the store will be affected, it's just that if you need one of the exceptions listed above, you will need to have a reason for disabling aspects of ATS. If your current app in the store is using the NSAllowsArbitraryLoads exception, you have disabled ATS for your app and at some point, Apple is going to want you to explain why you are potentially putting your users at risk by doing insecure communications with servers.
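Added example, not part of the original answer: a Python sketch that reads an Info.plist and reports what the ATS keys discussed above permit on iOS 9 versus iOS 10 and later, following the override behaviour the answer describes. The sample plist, the domain legacy.example.com and the function name effective_ats are constructed for illustration.

```python
import plistlib

# Constructed sample Info.plist using the key combination the answer describes.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSAllowsArbitraryLoadsInWebContent</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>legacy.example.com</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>"""


def effective_ats(plist_bytes, ios_major):
    """Report which cleartext HTTP loads the ATS keys permit on one iOS major version."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    arbitrary = bool(ats.get("NSAllowsArbitraryLoads", False))
    web_key_present = "NSAllowsArbitraryLoadsInWebContent" in ats
    if ios_major >= 10 and web_key_present:
        # iOS 10+: the web-content key overrides NSAllowsArbitraryLoads,
        # so only web views may load non-ATS-compliant content.
        app_wide = False
        web_views = bool(ats["NSAllowsArbitraryLoadsInWebContent"])
    else:
        # iOS 9 does not know the web-content key; only the global flag counts.
        app_wide = arbitrary
        web_views = arbitrary
    # Per-domain exceptions that re-enable plain HTTP regardless of the above.
    http_domains = sorted(
        name for name, cfg in ats.get("NSExceptionDomains", {}).items()
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads", False)
    )
    return {"app_wide_http": app_wide, "web_view_http": web_views,
            "http_domains": http_domains}


if __name__ == "__main__":
    for version in (9, 10):
        print(version, effective_ats(SAMPLE_PLIST, version))
```

Running it on a release build's Info.plist before submission shows whether ATS is effectively off on iOS 9 and which domains still accept plain HTTP.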

iOS app rejected because app crashes on iOS 10.2 on IPv6

I have uploaded my app to Apple store. I am using iOS 10.2. After upload, I got a rejection message:
Your app crashes on iPad and iPhone running iOS 10.2 connected to an IPv6 network when we:
Specifically, we found that the app crashes after sending messages on Wi-Fi
How can I solve this?
If your app contains web services and you have implemented NSURLConnection, then please convert all NSURLConnection to NSURLSession.
My app got rejected for the same reason, but that was not the issue. My app got rejected because it crashed on login button click.
It was working when I compiled and ran it with Xcode (i.e. Xcode 8.2.1), but Apple said it was crashing.
So I tried running it in release mode, because we usually run our app in debug mode when we run it from Xcode.
from
to
And my app crashed when I ran it in release mode, and I found the bug: it happened when the compiler tried to optimise a decryption function.
I think there is some issue with the new LLVM 8.0 compiler.
Now my app has even been approved by the App Store.
The answer is fairly simple: you're going to have to try to reproduce the crash and fix it.
Apple won't let apps into the App Store if it finds crashes in them. I'd recommend finding a friend/family member who has an IPv6 enabled network (if you can't enable it yourself) and attempting to use your app in various conditions under that network.
The App Review network, like the networks deployed by service providers, does support IPv6-to-IPv6 connectivity. Thus, if your server supports IPv6, your app will talk to it directly, without going through the NAT64 translator.
Please check whether your link supports IPv6 or not using this LINK
and read more
Just add a CDN (example: Cloudflare) to your domain, change nameservers accordingly and make sure the IPv6 compatibility feature is turned ON. This worked for me.
