I have read that with the flag
NSAllowsArbitraryLoads
Apple is enforcing communication via HTTPS and all apps that don't support that will not be added to the App Store.
That’s not quite right. Apple has announced that use of this will eventually require “reasonable justification”, but enforcement of that has been deferred. My App Transport Security pinned post has the backstory.
Does the same rule apply for apps developed for internal enterprise usage?
Enterprise apps are required to follow App Store rules. However, as this rule is about providing justification, it’s unlikely to ever trip you up.
Having said that…
HTTP, really!?! It’s 2019, you shouldn’t be running any service over HTTP. Getting an HTTPS certificate for your server is pretty straightforward:
If this server is on the public Internet, getting a valid certificate is both cheap and easy (where cheap can mean free).
If not, you can have your enterprise certificate authority (CA) issue your server a certificate.
Keep in mind that HTTPS is not just about secrecy; it also allows you to trust the data being returned by the server. With HTTP you might end up talking to an untrusted server, that returns bogus (or even malicious) results.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"