Availability of ATS for Remote Connections

The NSAppTransportSecurity section [Availability of ATS for Remote and Local Connections] says that ATS applies only to connections made to public host names. The system does not provide ATS protection to connections made to:

- Internet protocol (IP) address;

- Unqualified host names;

- Local hosts employing the .local top-level domain (TLD).

Now I am working on the ATS+HTTPS issue so that my SDK meets the requirement mentioned at WWDC 2016. The server API using domains will no doubt change to use HTTPS. But the server API using an IP address (not a domain) works well under ATS in iOS 10+ but not in iOS 9. It seems that the system does not provide ATS protection to connections to IP addresses in iOS 10. Can anyone explain this, or point me to a doc to refer to?

So does that mean that continuing to use the server API via IP address will work well in the future? Will it trigger additional App Store Review?

Replies

Are your servers available on the wider Internet? If so, I strongly encourage you to use DNS names for all connections to those servers. This has a bunch of benefits:

  • it avoids any weird edge cases with ATS

  • it makes IPv6 compatibility easier

  • it enables VPN On Demand

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

My servers are available on the wider Internet. I know the benefits of using domains instead of IPs for the connections. But our business is to provide a basic SDK dealing with domain name resolution to other developers. So we have to provide services accessed by IP to avoid our own services being domain hijacked.

So in this case, as you said, our service connections accessed through IP address will use HTTPS in the near future.
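An added example, not part of any post in this thread and not Apple's implementation: a small audit that sorts an SDK's endpoint list by the three exclusions quoted in the question (IP address, unqualified host name, `.local` TLD) and flags the excluded endpoints that also use cleartext HTTP, since the system will not enforce TLS for them. The function names and sample URLs are constructed for illustration, and the host parsing is an approximation of the documented rule.

```python
import ipaddress
from urllib.parse import urlsplit


def ats_coverage(url):
    """Return (covered, reason) for the URL's host, per the documented exclusions."""
    # hostname is lowercased and has the brackets of an IPv6 literal removed.
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    host = host.rstrip(".")  # "printer.local." and "printer.local" are the same name
    try:
        ipaddress.ip_address(host)
        return (False, "ip-address")
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    labels = host.split(".")
    if len(labels) == 1:
        return (False, "unqualified-host")
    if labels[-1] == "local":
        return (False, "local-tld")
    return (True, "public-host-name")


def audit(urls):
    """List endpoints outside ATS protection as (url, reason, is_cleartext)."""
    findings = []
    for url in urls:
        covered, reason = ats_coverage(url)
        if not covered:
            cleartext = urlsplit(url).scheme.lower() != "https"
            findings.append((url, reason, cleartext))
    return findings


# Constructed sample endpoints (documentation address ranges and example names).
SAMPLE = [
    "https://api.example.com/v1/resolve",
    "http://203.0.113.10/resolve",
    "https://[2001:db8::1]:8443/resolve",
    "http://intranet/status",
    "https://printer.local./status",
]

if __name__ == "__main__":
    for url, reason, cleartext in audit(SAMPLE):
        note = "cleartext, no system TLS enforcement" if cleartext else "HTTPS by choice"
        print(f"{url}: outside ATS ({reason}); {note}")
```

Every endpoint the audit reports relies on the app or SDK itself to require HTTPS and validate the server, because ATS will not do it for those hosts.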