1 Reply
      Latest reply on Nov 16, 2016 2:42 AM by eskimo
      robybd Level 1 Level 1 (0 points)



        I need to open Http connections in my application to servers which aren't under my responsibility so I cannot force them to use Https and due to the Apple restricition in 2017 that all connections must be secure I would like to use CFNetwork API for my application.

        My question: will that API usage reject my application during the App Store review? I mean, will Http request over CFNetwork can reject my app?

        • Re: CFNetwork API
          eskimo Apple Staff Apple Staff (13,395 points)

          What do you mean by “CFNetwork API”?  NSURLSession?  NSURLConnection?

          Some factoids:

          • NSURLSession, NSURLConnection and anything layered on top of them are subject to the enhanced security imposed by App Transport Security (ATS).

          • Talking to an insecure server will require you to add an ATS exception.

          • Apple has announced that, sometime soon, App Review will start reviewing ATS exceptions, and that wide-ranging ATS exceptions will require “reasonable justification”.

          I don’t work for App Review and thus can’t comment on what constitutes reasonable justification.  However, my App Transport Security pinned post has references to the information that is available on that front.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"