7 Replies
      Latest reply: Dec 11, 2016 2:32 PM by eskimo RSS
      flopez Level 1 Level 1 (0 points)

        There seems to be an unclear statement on whether ATS is going to be required to be ON in order to continue submitting to the app store. Do we know if there is a date for ATS to be a requirement? Or did they just leave it at "Opt-out" for the time being?

        • Re: App Transport Security due date
          eskimo Apple Staff Apple Staff (6,470 points)

          Do we know if there is a date for ATS to be a requirement?

          Apple has not made any formal announcement in that regard.  Announcements like this typically get posted on our News and Updates page, so I recommend that you monitor that (it has an RSS feed even).


          Please don’t read the above as implying that an announcement is imminent.  Honestly, I don’t have any knowledge of Apple’s upcoming plans in this space.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: App Transport Security due date
              flopez Level 1 Level 1 (0 points)

              Thanks for the quick response, I'll definitely monitor the feed.

              • Re: App Transport Security due date
                sean@vzw Level 1 Level 1 (0 points)

                What's the latest?  I am hearing a deadline has been announced and I"m unclear what exactly that entails.  Thanks Mr. Eskimo

                  • Re: App Transport Security due date
                    eskimo Apple Staff Apple Staff (6,470 points)

                    Please read my App Transport Security pinned post and then write back if you have follow-up questions.

                    Share and Enjoy

                    Quinn “The Eskimo!”
                    Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                    let myEmail = "eskimo" + "1" + "@apple.com"

                      • Re: App Transport Security due date
                        vhugo Level 1 Level 1 (0 points)

                        Hello Eskimo,

                         

                        So my questions are:

                        1. What if I currently have an application in the store and it is consuming some HTTP webservices, is the app going to get down from the store by Apple?
                        2. What if I'm using an embed browser viewer to render some PDFs, is that also necessary to change to HTTPS? The PDFs rendered are coming from external URLs.
                        3. What about testing the app on TestFlight, when running internal tests we point the webservices to a DEV server rather than production, and for instance DEV server does not have HTTPS implemented, should we then buy and install a secured certificate for DEV server as well?

                         

                        thanks in advance,

                        Victor

                          • Re: App Transport Security due date
                            inspectordev Level 1 Level 1 (0 points)

                            Your first question is what I'd also like to know or will my app simply stop working?

                            • Re: App Transport Security due date
                              eskimo Apple Staff Apple Staff (6,470 points)

                              1. What if I currently have an application in the store and it is consuming some HTTP webservices, is the app going to get down from the store by Apple?

                              The announced change is an App Review policy change, not a technical change to iOS itself.  In theory App Review could apply this retroactively to apps in the store, but that’s not what’s been announced.

                              2. What if I'm using an embed browser viewer to render some PDFs, is that also necessary to change to HTTPS? The PDFs rendered are coming from external URLs.

                              I’m not sure whether you’re asking a policy question or a technical question here.

                              3. What about testing the app on TestFlight, when running internal tests we point the webservices to a DEV server rather than production, and for instance DEV server does not have HTTPS implemented, should we then buy and install a secured certificate for DEV server as well?

                              Yes.

                              Note that my answer here has nothing to do with App Review policy but is based on the notion that your testers deserve the same level of protection as your normal users.

                              Share and Enjoy

                              Quinn “The Eskimo!”
                              Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                              let myEmail = "eskimo" + "1" + "@apple.com"