Can I set a device level proxy within an iOS app? How? - ios

Can I develop an app that uses a specified HTTP proxy for all web requests? If yes, how can I implement such feature in the app? (any similar links are also useful)
And, can I set this proxy configuration to device level from within the app?
Please direct to any related information or reading. Thanks :)

You can't change the device configuration from within the app. Imagine how insecure it would be if apps could do it: they could redirect all the phone's traffic to their proxies.
And for doing it in your own app, you'll have to do it yourself too. Try creating your own URL request by subclassing NSURLRequest.

A standard app store app cannot do it, but apparently a select few apps have been blessed with additional non-standard, undocumented entitlements by Apple to enable the setup of a device-wide VPN configuration. See http://blog.michael.kuron-germany.de/2010/09/ios-4-1-undocumented-vpn-api-used-by-cisco-anyconnect/ for some hints on how that works.

Related

With Http and arbitrary loader true. Can I upload app to App Store?

I know it's not much of a technical question, but I still have not gotten any expert help on this issue, so I am posting here.
I know arbitrary loader = yes is mandatory from 2018. But with my http and arbitrary loader = yes, will they allow my app on the App Store?
Is arbitrary loader = yes mandatory when we push to the App Store? My application has only http with some port number db for API calls. Do I need to use https, or can I upload to the App Store with http?
With http and arbitrary loader = no, it does not even run in my simulator or on my device.
So please confirm: if I set arbitrary loader = yes, will Apple approve my app with http calls, or do I need to use only https and arbitrary loader = yes?
Please suggest some idea for this.
Thanks
For security reasons, Apple doesn't allow the app to make http API calls. You need to either call an https API, or you can bypass this by setting Allow Arbitrary Loads to YES in the Info.plist file.
If you upload the app to the App Store with http and Allow Arbitrary Loads set to YES, then they won't reject your app for this reason at least.
So feel free to submit your app to App Store.
If you use https api call then no need to worry about anything.
Note: you can also add exception domains in Info.plist.

What is the best way of implementing App Transport Security?

I'm making a web browser and I'm in the process of finalizing the application and submitting it to the app store.
One of the things I left for last is App Transport Security.
I know it's forced so Developers use https:// instead of http:// but a web browser can't be limited like this.
Is there anything else I can do besides adding "NSAllowsArbitraryLoads: YES" to the info.plist file?
For iOS 10+, you can evaluate using NSAllowsArbitraryLoadsForMedia, NSAllowsArbitraryLoadsInWebContent, NSRequiresCertificateTransparency or NSAllowsLocalNetworking instead of the highly insecure ArbitraryLoads: YES.
However, for a web browser application, I don't see much of an alternative besides ArbitraryLoads: YES. You can consider alerting the user when loading such sites.
This is the complete guide to ATS
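An added example, not part of either answer above: a small Python audit of an Info.plist's ATS dictionary, covering the blanket NSAllowsArbitraryLoads opt-out, the narrower iOS 10+ keys, and per-domain exceptions. The two plists, the host api.example.test and the severity labels are constructed for illustration.

```python
import plistlib

# App-wide ATS relaxations; severity labels are this example's assumption.
APP_WIDE = {
    "NSAllowsArbitraryLoads": "high",
    "NSAllowsArbitraryLoadsInWebContent": "medium",
    "NSAllowsArbitraryLoadsForMedia": "medium",
    "NSAllowsLocalNetworking": "low",
}

def audit_ats(plist_bytes):
    """Return (severity, finding) pairs for an Info.plist's ATS settings."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = [(sev, f"{key} = YES (app-wide)")
                for key, sev in APP_WIDE.items() if ats.get(key) is True]
    # Per-domain exceptions keep ATS enforced for every other host.
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = "+ subdomains" if cfg.get("NSIncludesSubdomains") else "only"
            findings.append(("low", f"cleartext HTTP allowed for {domain} {scope}"))
    return findings

# Constructed sample: blanket opt-out, ATS disabled for all connections.
BLANKET = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
  </dict>
</dict></plist>"""

# Constructed sample: ATS stays on, one HTTP-only API host is excepted.
SCOPED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSExceptionDomains</key><dict>
      <key>api.example.test</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

if __name__ == "__main__":
    for name, data in (("blanket", BLANKET), ("scoped", SCOPED)):
        print(name, audit_ats(data))
```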

Are Universal Links cached in iOS? Do they work offline?

I tested Universal Links in iOS by turning on Airplane mode and saw that the correct application was opened (instead of a website)
This indicates some level of "caching" the apple-app-site-association.
I want to determine the extent to which this is cached, so I can determine
What UX edge cases are there (e.g. Offline for x days)
What security considerations are there (e.g. MITM / SSLStrip + .well-known/URL)
etc.
Ideally I would like to have details if additional logic is employed (conditional caching if HTTPS employed, DNSSec, etc)
The exact behavior here is (intentionally?) unclear from Apple. Here is my personal experience, gleaned partly from official documentation and partly from helping thousands of apps implement Universal Links at Branch.io.
The apple-app-site-association file is cached once when the app is first installed.
If this initial scrape fails, in almost all situations it will not be reattempted. The only exception to this is if the initial return is a 5xx error, in which case a limited number of retries may occur. This is not well-documented, and is not covered in Universal Links documentation at all. You can find a mention in the Shared Web Credentials docs.
The file is not checked at all when a Universal Link is opened. This is why you are able to get Universal Links behavior in airplane mode.
The file does not expire. Once it is cached, it sticks permanently for as long as the app is installed.
The file will be re-checked when installing an app update.
The file must be accessible via a valid SSL connection at either https://example.com/apple-app-site-association or https://example.com/.well-known/apple-app-site-association. If there are redirects of any kind, this will fail.
It is theoretically possible to MITM the request if you are able to install a new SSL certificate directly on the device in question. Charles Proxy for example uses this approach for debugging. I have never seen or heard of this being exploited, and the damage would be quite limited because the domain still has to be specified inside the app itself.
I found a way to get around the caching issue. The cache is bound to the domain name, so every time you want iOS to request apple-app-site-association you can create a new subdomain, and configure iOS to use that subdomain as the universal link for your app.
Extremely hacky, but it is the only workaround that worked for me.

Does deeplinking in iOS need something to do on server side?

I am trying to implement deeplinking in iOS.
After a little research I came to know that if we need to navigate to our app (if installed) on click of a link, we need to work on the server side also.
Is there any way to work this out without a server-side dependency?
The old-fashioned approach to deep linking used custom URI schemes, which didn't require any server-side implementation. These don't work well anymore. Apple introduced Universal Links in iOS 9, which do require a server-side update.
If you don't want to deal with all the implementation details, check out Branch.io (full disclosure: I'm on the Branch team). It's a free service that takes care of all this without any server requirements from you.
There are two ways to link to your app:
Make iOS redirect URLs of your website to your app (Universal Links)
For example http://maps.apple.com/?q=1+Infinite+Loop opens the Maps App and YouTube-Links redirect to the YouTube-App, if it is installed.
This requires some server-side configuration.
I have not worked with Universal Links yet, so I can only suggest that you read this document by Apple about this topic.
Use a custom URL scheme
If you don't want to do anything on your server, you need to use a custom URL-scheme like myapp://this/is/a/url

Is there a good way to override a DNS in an iOS app?

Basically, I want to make a fake DNS entry for a URL, and force that URL to resolve to a specific IP. Is there a way to do this in iOS that wouldn't get an app rejected? I can't seem to find a way to do this (still at square one). Can anyone point me in the right direction (class reference, third party framework, etc)? If not, is there a rule/policy/something else that I've overlooked which makes it impossible?
You can not do this officially at the iOS app level because the DNS is set by the OS and you can not modify the entries due to the iOS Sandbox. This means it is not possible if you are creating an app which you'll submit to the Apple App Store. You could build something within your own app where if you have some browser, you intercept the URL and redirect it but of course this will be local within your app and not when the user uses Mobile Safari or Chrome etc.
If you are creating an app for Jailbroken devices, you could modify the /etc/hosts file and add your entry there
One simple solution:
Let's say, you want to GET http://httpbin.org/get,
and you don't want to use the domain, but use the IP address 54.175.219.8,
you can just make a request, set http://54.175.219.8/get as path, and add a new http header: {"host": "httpbin.org"}.
General solution:
Implement your own NSURLProtocol like https://github.com/mattt/NSEtcHosts
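An added example, not from the answer above: the Host-header approach shown in Python against a local stand-in server, so it runs offline and shows what the server receives with and without the override. The echo server, the loopback address and the function names are assumptions of this example; httpbin.org and /get come from the answer.

```python
import http.client
import http.server
import threading

class EchoHost(http.server.BaseHTTPRequestHandler):
    """Stand-in for the origin server: replies with the Host header it received."""
    def do_GET(self):
        body = f"{self.headers.get('Host')} {self.path}".encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def get_by_ip(ip, port, path, hostname=None):
    """GET path from ip:port; if hostname is given, send it as the Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    try:
        # http.client omits its automatic Host header when the caller supplies one
        conn.request("GET", path, headers={"Host": hostname} if hostname else {})
        return conn.getresponse().read().decode()
    finally:
        conn.close()

def demo():
    """Run both requests against a local server on a free loopback port."""
    server = http.server.HTTPServer(("127.0.0.1", 0), EchoHost)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return (get_by_ip("127.0.0.1", port, "/get"),
                get_by_ip("127.0.0.1", port, "/get", hostname="httpbin.org"))
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

This covers plain HTTP only: over HTTPS the certificate is validated against the name in the URL, so a request addressed to a bare IP fails validation unless the client is explicitly given the expected hostname.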
