App Transport Security due date

There seems to be an unclear statement on whether ATS is going to be required to be ON in order to continue submitting to the app store. Do we know if there is a date for ATS to be a requirement? Or did they just leave it at "Opt-out" for the time being?

Up vote post of flopez Down vote post of flopez
7.1k views
Posted by
flopez
Reply
Add a Comment

Replies

Do we know if there is a date for ATS to be a requirement?

Apple has not made any formal announcement in that regard. Announcements like this typically get posted on our News and Updates page, so I recommend that you monitor that (it has an RSS feed even).

Please don’t read the above as implying that an announcement is imminent. Honestly, I don’t have any knowledge of Apple’s upcoming plans in this space.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Thanks for the quick response, I'll definitely monitor the feed.

Posted by
flopez
Up vote reply of flopez Down vote reply of flopez
Add a Comment

What's the latest? I am hearing a deadline has been announced and I"m unclear what exactly that entails. Thanks Mr. Eskimo

Posted by
sean@vzw
Up vote reply of sean@vzw Down vote reply of sean@vzw
Add a Comment

Please read my App Transport Security pinned post and then write back if you have follow-up questions.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Hello Eskimo,


So my questions are:

  1. What if I currently have an application in the store and it is consuming some HTTP webservices, is the app going to get down from the store by Apple?
  2. What if I'm using an embed browser viewer to render some PDFs, is that also necessary to change to HTTPS? The PDFs rendered are coming from external URLs.
  3. What about testing the app on TestFlight, when running internal tests we point the webservices to a DEV server rather than production, and for instance DEV server does not have HTTPS implemented, should we then buy and install a secured certificate for DEV server as well?


thanks in advance,

Victor

Posted by
vhugo
Up vote reply of vhugo Down vote reply of vhugo
Add a Comment

Your first question is what I'd also like to know or will my app simply stop working?

Posted by
inspectordev
Up vote reply of inspectordev Down vote reply of inspectordev
Add a Comment

1. What if I currently have an application in the store and it is consuming some HTTP webservices, is the app going to get down from the store by Apple?

The announced change is an App Review policy change, not a technical change to iOS itself. In theory App Review could apply this retroactively to apps in the store, but that’s not what’s been announced.

2. What if I'm using an embed browser viewer to render some PDFs, is that also necessary to change to HTTPS? The PDFs rendered are coming from external URLs.

I’m not sure whether you’re asking a policy question or a technical question here.

3. What about testing the app on TestFlight, when running internal tests we point the webservices to a DEV server rather than production, and for instance DEV server does not have HTTPS implemented, should we then buy and install a secured certificate for DEV server as well?

Yes.

Note that my answer here has nothing to do with App Review policy but is based on the notion that your testers deserve the same level of protection as your normal users.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Apple

Posted by
Android_Apple
Up vote reply of Android_Apple Down vote reply of Android_Apple
Add a Comment