iOS 13 Certificate Pinning and Encrypted Data Management

Hi, I am trying to track down the docs for this, but there wasn't a "What's New in iOS Security" session that I could find from last week. My enterprise utilizes SSL Decryption/Inspection at the firewall, which, of course, replaces each certificate with one of our own. This has worked mostly ok through iOS 12.x, but I am noticing that our iOS 13 test devices are basically failing every SSL transaction now. Some apps are reporting that the certificate is invalid; others, like Safari, are just failing to load any pages.


What I'm trying to find out is whether or not certificate pinning is being enforced in iOS 13. If it is, I will have to let our security team know that we may not be able to decrypt iPhone traffic now. I realize that this is only going to impact enterprises that are inspecting traffic, but has anyone else run into this? Does anyone know where I can find documentation on the network security changes in iOS 13?


Thanks,

Jesse

Replies

Does anyone know where I can find documentation on the network security changes in iOS 13?

Check out Requirements for trusted certificates in iOS 13 and macOS 10.15.

You’ll note that this article is on the customer-facing support site, not the developer site. That’s because this is more of a customer support issue than a question about APIs. Given that, you might have more luck asking it over in Apple Support Communities, run by Apple Support.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks Eskimo. It seems that, this year in particular, Apple is really starting to acknowledge that the IT Community has a lot of overlap with the Developer community, making the betas available via ABM membership. We're in the Enterprise dev program as well, but it's nice to see them recognizing that it isn't just developers who need to test. That said, I think this issue probably falls into the ABM/Enterprise space, and I'm not sure if there is a forum for that or not.


In any event, thanks for pointing me to the new cert requirements. A colleague had also sent that to me. Unfortunately, that doesn't speak to whether or not certificate pinning is being enforced. I'll keep digging.


Thanks again,

Jesse