Hi, My company has an app that is communicating with local servers with self signed certificates, meaning in order to allow the app to have connection in the testing environment I had to add a few domains in NSExceptionDomains in App Transport Security Settings section of the Info.plist. The problem is, our Cyber department is not allowing us to upload the app with these domain in the app fearing a data leak. I had a Build Phase script using PlistBuddy that deleted those settings when archiving in Release but that no longer works as Apple recommended to set ”Generate Info.plist file” to true as a best practice.
I tried to read about it and found out that info.plist is now generated after the build phases step so modifying it is impossible because it doesn’t exist yet in the $TARGET_BUILD_DIR when the script is running.
Other than deleting it manually before each upload which is highly prone to mistakes, I need something like a script or some other automatic solution.
Does Anyone have any suggestions to help me with this?
Thanks
I generally solve this problem is a very different way: Rather than tweak the app, I tweak my testing devices so that they trust the test server. See QA1948 HTTPS and Test Servers.
our Cyber department is not allowing us to upload the app with these domain in the app fearing a data leak.
And they are right to do so. As I noted in QA1948, I’ve seen major developers make this mistake O-:
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"