CFNetwork API

Hello,


I need to open Http connections in my application to servers which aren't under my responsibility so I cannot force them to use Https and due to the Apple restricition in 2017 that all connections must be secure I would like to use CFNetwork API for my application.

My question: will that API usage reject my application during the App Store review? I mean, will Http request over CFNetwork can reject my app?

Up vote post of robybd Down vote post of robybd
425 views
Posted by
robybd
Reply
Add a Comment

Replies

What do you mean by “CFNetwork API”? NSURLSession? NSURLConnection?

Some factoids:

  • NSURLSession, NSURLConnection and anything layered on top of them are subject to the enhanced security imposed by App Transport Security (ATS).

  • Talking to an insecure server will require you to add an ATS exception.

  • Apple has announced that, sometime soon, App Review will start reviewing ATS exceptions, and that wide-ranging ATS exceptions will require “reasonable justification”.

I don’t work for App Review and thus can’t comment on what constitutes reasonable justification. However, my App Transport Security pinned post has references to the information that is available on that front.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment