I know that ATS needs to be configured statically at build time and is not meant to be (re-)configured at runtime (to quote Quinn: "[...] if ATS is enabled for a domain, developer code should not be able to decrease security for that domain.", cf. https://forums.developer.apple.com/message/159271#159271), but what if I want to increase security? From the documentation: "You can also increase a named domain’s protections by requiring Certificate Transparency" (cf. https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35).
We have an app that supports connecting to more or less arbitrary hosts and would like to be able to utilize CT for any host that supports it, which obviously we don't know at build time.
To the best of my knowledge there is no way to achieve that; am I correct?