Hi,
We are developing a smart home application which communicates with our own devices (like a smart socket plug) via HTTPS.
The devices use our own CA, and the iOS application sets this certificate as trusted by calling 'SecTrustSetAnchorCertificates' and overrides the hostname according to: (https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html)
with ATS fully enabled (NSAllowsArbitraryLoads set to False).
And everything works just fine.
I read this topic: https://forums.developer.apple.com/message/169269
and according to it, we shouldn't be able to accomplish this communication because:
"When ATS is enabled for a server you still get server trust authentication challenges (NSURLAuthenticationMethodServerTrust) and you can use that to increase security. However, you can't use this to decrease security, that is, ATS provides a minimum level of security for a domain."
User eskimo said that this is a bug:
This is a bug in the interaction between ATS and the NSURLSession delegate callback (r. 27866669).
That was 2 years ago and it still works, so I'm wondering whether our approach is correct and whether it will be approved in the App Store or not?
We can't use a CA trusted by Apple because we will have something like a thousand devices and it would be just too expensive, even more expensive than the device itself.
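For reference, here is what the trust override described in the post looks like as an NSURLSession delegate. This is an added example, not code from the original post or from the poster's app; the class name `DeviceSessionDelegate`, the parameters `caDER` and `expectedName`, and the bundled file `device-ca.der` are assumptions. It replaces the SSL policy so that hostname checking uses the name we expect the device certificate to carry (the device is usually reached by IP address, so the URL host would not match), sets our private CA as the only anchor, and then re-evaluates the trust object, failing closed on any error.

```swift
import Foundation
import Security

/// URLSession delegate that accepts a device's TLS certificate only if it
/// chains to our private CA and carries the name we expect for that device.
/// Example code (assumed names), not the poster's own implementation.
final class DeviceSessionDelegate: NSObject, URLSessionDelegate {
    private let privateCA: SecCertificate
    private let expectedName: String   // assumed: name in the device cert's CN/SAN, e.g. "plug-0001.local"

    /// - Parameters:
    ///   - caDER: DER-encoded certificate of the private CA (assumed to be bundled with the app).
    ///   - expectedName: the hostname we expect the device certificate to be issued for.
    init?(caDER: Data, expectedName: String) {
        guard let ca = SecCertificateCreateWithData(nil, caDER as CFData) else { return nil }
        self.privateCA = ca
        self.expectedName = expectedName
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Only handle server trust; let the system handle everything else
        // (client certificates, HTTP Basic/Digest, ...).
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }

        // 1. Hostname override: replace the SSL policy so the name check is done
        //    against `expectedName` instead of the host in the URL.
        let policy = SecPolicyCreateSSL(true, expectedName as CFString)
        guard SecTrustSetPolicies(trust, policy) == errSecSuccess,
              // 2. Trust only our private CA: make it the sole anchor and disable
              //    the system anchors for this evaluation.
              SecTrustSetAnchorCertificates(trust, [privateCA] as CFArray) == errSecSuccess,
              SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        // 3. Re-evaluate with the modified policy and anchors.
        //    SecTrustEvaluateWithError is iOS 12+; on older systems use SecTrustEvaluate
        //    and accept only the .unspecified and .proceed results.
        var error: CFError?
        if SecTrustEvaluateWithError(trust, &error) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Chain does not lead to our CA, name mismatch, expiry, etc.: fail closed.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

// Usage (assumed file "device-ca.der" in the app bundle):
// let caURL = Bundle.main.url(forResource: "device-ca", withExtension: "der")!
// let delegate = DeviceSessionDelegate(caDER: try! Data(contentsOf: caURL),
//                                      expectedName: "plug-0001.local")!
// let session = URLSession(configuration: .default, delegate: delegate, delegateQueue: nil)
```

Two points worth checking in such a delegate: the override only changes trust evaluation, so ATS's other requirements (TLS version, cipher suites, key sizes) still apply to the connection, and `SecTrustSetAnchorCertificatesOnly(trust, true)` is what stops a certificate from any public CA from being accepted for the device. Giving each device its own leaf certificate issued by the private CA, and checking the per-device name as above, also means one compromised plug cannot impersonate another.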