I posted my suggestions regarding App Transport Security and local networking as Enhancement request: 21669759
Excerpt from the radar:
In local networking scenarios (like communicating with DLNA servers, appliances like Philips Hue Lights, Wi-FI SD cards, wireless hard disks) it's often not possible to implement HTTPS/TLS based communication as required by App Transport Security. The target devices do not support HTTPS/TLS and in many cases never will.
At the moment communicating with these devices, requires disabling App Transport Security for the entire application (NSAllowsArbitraryLoads = true) as domain based exceptions can't be applied here.
It should be possible to disable App Transport Security for local networking without compromising the security of the whole app.
Suggestion: Introduce a key NSAllowsArbitraryLoadsLocalNetworkOnly. When this key is set to true, it allows unencrypted http communication between devices on the same local network (IPv4 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and IPv6 fd00::/8, and 127.0.0.1 for development purposes).
If anyone has better ideas how to handle these cases, I am looking forward to hear them.
Cheers,
Hendrik