App Transport Security for NAT Traversal Apps

Hello,

We have an app which uses STUN, TURN and ICE for NAT traversal, and my question is: do I need to make those network connections encrypted? Or do the App Transport Security requirements apply to them?

Also, does ATS apply to direct IP communication, or is it mandatory when using domains?

Thanks,

Accepted Reply

In the case of in-home networking, we do use NSURLSession but in the case of out-of-home we use socket APIs.

Well, that’s weird; normally folks have this the other way around.

Regardless, the rules here are clear: if you use NSURLSession, you have to deal with ATS. Be aware that ATS’s support for local networking is rather limited; for details, see the App Transport Security and local networking thread.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

ATS applies to HTTP and HTTPS requests made by NSURLSession (and the now-deprecated NSURLConnection). Are you using those APIs?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I should have been more clear. In the case of in-home networking, we do use NSURLSession but in the case of out-of-home we use socket APIs. (I guess out-of-home is kind of covered) but in-home HTTP calls are not.

Yes, it is weird in a way. The reason is we have a specific device we are looking for in home and which supports only HTTP requests.

Btw, great to hear this:

"It’s possible that the situation with ATS and local networking might change prior to the new ATS requirement being enforced but, if it does not, you will have to ship with NSAllowsArbitraryLoads."