I want to ask if app will be rejected because of our sdk which uses http?
That depends. App Review will require that apps with ATS exceptions provide “reasonable justification” for those exceptions. As to what’s “reasonable”, ultimately it’s App Review’s call but it’s hard to offer any insight without knowing more about what your SDK does.
My App Transport Security pinned post provides links to documentation that provides some insight into this.
In other words, do we need to change our sdk to not use http by the end of 2016?
You should aim to switch to ATS-compliant HTTPS as soon as possible. That’s the easiest way to avoid this entire issue.
Frankly, you should have started this process last year, when ATS was first introduced )-:
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"