How do iOS apps securely communicate with servers?
Intro
In many iOS apps, They usually communicate with the server. Sometimes, Sensitive personal information is exchanged in an app connected to the server. Today, I’ll talk about how iOS apps securely communicate with servers with an ATS(App Transport Security).
What is ATS?
ATS(App Transport Security)is a feature to enhance the security of network connections in iOS and macOS applications. ATS blocks connections that don’t meet minimum security requirements.
ATS operates by default for apps linked against the iOS 9.0 or macOS 10.11 SDKs or later.
How does ATS work?
The ATS is used by default when sending and receiving data using URL Session, CFURL, and NSURL Connection APIs. Networks that do not meet Apple’s recommended requirements may fail to connect.
Here are Apple’s recommended requirements. You can see the latest criteria in the link below.
How to handle exceptional situations?
If the application is unable to meet the requirements of the ATS, the ATS function can be disabled. Below are some exceptions to disable the ATS function.
- Allow all HTTP connections
2. Disable ATS in only Web View
3. Disable ATS in specific domain
But in these cases, When you submit your iOS app with these settings, your submission will refused. So when setting exceptions, the reason for setting them should be well explained.
Some examples of fair exceptions can be seen in official documents.
Conclusion
If an exception situation is unavoidable, You should make it as limited in scope as possible. Also, when submitting the app, you must give enough explanation for the exception.
