This post is part of the Local Network Privacy FAQ.
What operations require local network access?
The general rule is that outgoing traffic to a local network address requires that the user grant your app local network access. Common scenarios include:
- Making an outgoing TCP connection — yes
- Listening for and accepting incoming TCP connections — no
- Sending a UDP unicast — yes
- Sending a UDP multicast — yes
- Sending a UDP broadcast — yes
- Connecting a UDP socket — yes
- Receiving an incoming UDP unicast — no
- Receiving an incoming UDP multicast — yes
- Receiving an incoming UDP broadcast — yes
These TCP and UDP checks are done at the lowest levels of the system and thus apply to all networking APIs. This includes Network framework, BSD Sockets, NSStream, and NSURLSession, and any other protocols that you layer on top of those.
IMPORTANT Receiving an incoming UDP multicast or broadcast does not currently require local network access but, because we hope to change that in a future update, our advice right now is that you write your code as if it did (r. 69792887, 70017649).
Resolving link-local DNS names (those ending with local, per RFC 6762) requires local network access. Again, this check applies to a wide variety of APIs including <dns_sd.h>, <netdb.h>, Network framework, NSStream, and NSURLSession.
Finally, all Bonjour operations require local network access:
- Registering a service with Bonjour — yes
- Browsing for Bonjour services — yes
- Resolving a Bonjour service — yes
Again, these checks apply to all APIs that use Bonjour, including <dns_sd.h>, Network framework, NSNetService, and Multipeer Connectivity.
Note You must declare the Bonjour service types you use in your Info.plist. See FAQ-14 How do I map my Multipeer Connectivity service type to an entry in the Bonjour services property? for details.
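The declaration requirement in the note above can be checked at build time. The following is an added example, not code from the original post or from Apple: a Python audit that compares the Bonjour service types an app uses against the Bonjour services array (the NSBonjourServices key) in its Info.plist. The function names, the strict case-sensitive comparison, and the _example service types are assumptions made for illustration.

```python
import plistlib
import re

BONJOUR_KEY = "NSBonjourServices"  # the "Bonjour services" Info.plist property

# Simplified shape check for a service type: _name._tcp or _name._udp, with the
# 15-character service-name limit from RFC 6763.
SERVICE_TYPE_RE = re.compile(r"^_[A-Za-z0-9-]{1,15}\._(tcp|udp)$")


def canonical(service_type):
    """Drop surrounding whitespace and any trailing dot; case is left alone."""
    return service_type.strip().rstrip(".")


def audit_bonjour_declarations(plist_bytes, used_service_types):
    """Return a list of problems; an empty list means every used type is declared."""
    info = plistlib.loads(plist_bytes)
    declared_raw = info.get(BONJOUR_KEY, [])
    problems = []
    if not isinstance(declared_raw, list):
        return [f"{BONJOUR_KEY} must be an array of strings"]
    declared = set()
    for entry in declared_raw:
        if not isinstance(entry, str) or not SERVICE_TYPE_RE.match(canonical(entry)):
            problems.append(f"malformed entry in {BONJOUR_KEY}: {entry!r}")
        else:
            declared.add(canonical(entry))
    # Strict comparison is this checker's choice: a false alarm beats a false pass.
    for used in used_service_types:
        if canonical(used) not in declared:
            problems.append(f"{used} is used but not declared in {BONJOUR_KEY}")
    return problems


# Constructed sample Info.plist: one valid entry, one entry missing its transport.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>NSBonjourServices</key>
    <array>
        <string>_example._tcp</string>
        <string>_example-ctl</string>
    </array>
</dict>
</plist>"""

if __name__ == "__main__":
    for problem in audit_bonjour_declarations(SAMPLE_PLIST, ["_example._tcp", "_example-ctl._udp"]):
        print(problem)
```

Run against the constructed sample, the audit reports the malformed _example-ctl entry and the undeclared _example-ctl._udp type.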
Bonjour-based services where you don’t see any details of the network do not require local network access. These include:
- AirPlay — no
- Printing via UIKit — no