I am still puzzled regarding 3d party servers.
From Apple’s perspective, you are responsible for the code running inside your app. Ignoring ATS for the moment, if you use a third-party library that does something dumb (uses a private API, fills the user’s disk with junk, or whatever), it’s obvious that App Review will hold you responsible for that behaviour.
ATS is no different from this. If ‘your’ code is accessing a server, you need to ensure it uses ATS-compliant HTTPS, or you need to add an appropriate ATS exception (and, once this policy is enforced by App Review, justify that to App Review).
As to what sort of “reasonable justification” that App Review will accept for third-party SDKs accessing third-party servers, I can’t speak to that.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"