There have been some technical changes in this space (for example,
NSAllowsArbitraryLoadsInWebContent
) but, for the most part, iOS 10 and iOS 9 behave the same way with regards ATS. The important changes here are business changes. Once this requirement is in place, App Review will require that you provide
reasonable justification for your ATS exception dictionary.
The above obviates a lot of your specific questions but there are some that are still valid. You wrote:
2. Is it included about using ATS in case of normal web browsing with using Safari, Chrome or Firefox etc..?
If you’re creating a program that allows access to arbitrary web sites you will need a wide-ranging ATS exception. Specifically:
If you’re using UIWebView, you will need to use
NSAllowsArbitraryLoads
. In this case you should include an explanation as to why it’s necessary for you to continue using UIWebView rather than WKWebView.If you’re using WKWebView, take advantage of
NSAllowsArbitraryLoadsInWebContent
.If you’re using SFSafariViewController, you shouldn’t need any ATS exceptions; SFSafariViewController acts just like Safari with regards ATS.
3. Does HTTPS in normal web browsing need to use TLS 1.2 or more?
I need you to be more specific about what you mean by normal web browsing. If you’re asking whether Safari requires TLS 1.2, the answer is no.
4. Is it official information that ATS requirement will become mandatory from 2017/1/1?
We haven’t published an exact date as to when this change will take place. If you’re looking for updates, I suggest you monitor our News and Updates page (it even has an RSS feed).
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"