ATS in iOS 9 vs iOS 10

Question

My ATS settings to add excemption work on iOS 10 but I lose the ability to connect to a streaming audio source in iOS 9.Is this an iOS 9 vs iOS 10 thing? In XCode 8.1 if I remove the NSAllowsArbitraryLoads the audio will play on iOS 10 simulators but not a iOS 9.x real device.If I add the  NSAllowsArbitraryLoads back in the audio will play on the iOS 9.x device. How does this work? Could it be, to be backwards compatable I have to include the NSAllowsArbitraryLoads to the plist? Would the NSAllowsArbitraryLoads overrule the NSExceptionDomains entry?The below worked till 8.1 and iOS 9 devices&lt;dict&gt;  &lt;key&gt;NSExceptionDomains&lt;/key&gt;  &lt;dict&gt;  &lt;key&gt;live.mystream.net&lt;/key&gt;  &lt;dict&gt;  &lt;key&gt;NSIncludesSubdomains&lt;/key&gt;  &lt;true/&gt;  &lt;key&gt;NSTemporaryExceptionAllowsInsecureHTTPLoads&lt;/key&gt;  &lt;true/&gt;  &lt;/dict&gt;  &lt;/dict&gt;  &lt;/dict&gt;To make it work in 8.1 and iOS 9 devices&lt;dict&gt;  &lt;key&gt;NSAllowsArbitraryLoads&lt;/key&gt;  ******** Had to add this back in to get it to work in iOS 9  &lt;true/&gt;  &lt;key&gt;NSExceptionDomains&lt;/key&gt;  &lt;dict&gt;  &lt;key&gt;live.mystream.net&lt;/key&gt;  &lt;dict&gt;  &lt;key&gt;NSIncludesSubdomains&lt;/key&gt;  &lt;true/&gt;  &lt;key&gt;NSTemporaryExceptionAllowsInsecureHTTPLoads&lt;/key&gt;  &lt;true/&gt;  &lt;/dict&gt;  &lt;/dict&gt;  &lt;/dict&gt;Can anyone clarify this?Thanks in advance

eskimo · Answer

You can find a summary of the recent changes to ATS in my App Transport Security pinned post.  However, I can’t match up any of those changes to the observed behaviour you’re seeing.My best guess is that the server you’re talking to is redirecting you to an IP address.  iOS 10 is more lenient about allowing connections to IP addresses than iOS 9 was.  My recommendation is that you compare the traffic on the wire:Create a build without NSAllowsArbitraryLoads set, run that, and record the pattern of request it makes.Repeat the previous step with a build that includes NSAllowsArbitraryLoads.Compare the logs from steps 1 and 2.  You should see be able to (roughly) match up the initial requests and then see where the log from step 1 stops and the log from step 2 continues.Share and Enjoy — Quinn “The Eskimo!” Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail &#x3D; "eskimo" + "1" + "@apple.com"

ATS in iOS 9 vs iOS 10

Replies