2 Replies
      Latest reply: Oct 31, 2016 11:29 PM by Junmo
      Junmo Level 1 (0 points)

        The NSAppTransportSecurity section, [Availability of ATS for Remote and Local Connections], says that ATS applies only to connections made to public host names. The system does not provide ATS protection to connections made to:

        - Internet protocol (IP) address;

        - Unqualified host names;

        - Local hosts employing the .local top-level domain (TLD).

        Now I am working on the ATS+HTTPS issue to make my SDK meet the requirement mentioned at WWDC 2016. Server APIs using domains will no doubt change to use HTTPS. But right now a server API using an IP address (not a domain) works well under ATS in iOS 10+ but not in iOS 9. It seems that the system does not provide ATS protection to connections to IP addresses in iOS 10. Can anyone explain this, or point to any doc to refer to?

        So does that mean that continuing to use a server API with an IP address will work well in the future? Will it trigger additional App Store review?

        • Re: Availability of ATS for Remote Connections
          eskimo Apple Staff (7,530 points)

          Are your servers available on the wider Internet?  If so, I strongly encourage you to use DNS names for all connections to those servers.  This has a bunch of benefits:

          • it avoids any weird edge cases with ATS

          • it makes IPv6 compatibility easier

          • it enables VPN On Demand

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: Availability of ATS for Remote Connections
              Junmo Level 1 (0 points)

              My servers are available on the wider Internet. I know the benefits of using domains instead of IPs for the connections. But our business is to provide a basic SDK dealing with domain name resolution to other developers. So we have to provide services accessed using IPs to avoid our own services being domain hijacked.

              So in this case, as you said, our service connections accessed through IP addresses will use HTTPS in the near future.
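
An added example, not part of any post in this thread: a Python audit sketch that sorts an SDK's endpoint URLs into the three categories quoted in the first post (IP addresses, unqualified host names, `.local` hosts) versus public host names. The names `ats_category` and `audit` and the sample URLs are constructed, and the classification is an assumption based only on the quoted documentation wording, not Apple's implementation.

```python
import ipaddress
from urllib.parse import urlsplit

def ats_category(url):
    """Return which quoted category a URL's host falls into.

    Approximation for auditing only: it does not model every way a
    platform may parse a host (e.g. a bare decimal integer as an IP).
    """
    # hostname is lower-cased with IPv6 brackets stripped; drop a trailing dot
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "no-host"
    try:
        ipaddress.ip_address(host.split("%", 1)[0])  # ignore IPv6 zone id
        return "ip-address"
    except ValueError:
        pass
    labels = host.split(".")
    if labels[-1] == "local":
        return "dot-local"
    if len(labels) == 1:
        return "unqualified"
    return "public-name"

def audit(urls):
    """Group endpoints by category. Per the quoted text, anything other
    than 'public-name' gets no ATS protection from the system, so its
    transport security has to be reviewed separately."""
    report = {}
    for url in urls:
        report.setdefault(ats_category(url), []).append(url)
    return report

# Constructed sample endpoints (documentation address ranges, example names).
SAMPLE = [
    "https://api.example.com/v1/resolve",
    "http://203.0.113.10/v1/resolve",
    "https://[2001:db8::1]:8443/v1/resolve",
    "http://printer.local/status",
    "http://buildhost/ping",
]

if __name__ == "__main__":
    for category, urls in audit(SAMPLE).items():
        print(f"{category}: {urls}")
```

Endpoints reported as `ip-address` are the ones this thread is about: cleartext `http://` entries in that group are worth flagging first, since the quoted documentation says the system will not apply ATS to them.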