NSAppTransportSecurity section - [Availability of ATS for Remote and Local Connections] said, ATS applies only to connections made to public host names. The system does not provide ATS protection to connections made to:
- Internet protocol(IP) address;
- Unqualified host names;
- Local hosts employing the .local top-level domain(TLD).
Now I am working on the ATS+HTTPS issue to let my SDK suit the requirement mentioned in WWDC 2016. Server API using domains will change to use HTTPS in no doubt. But now that server API using IP address (not domain) works well under ATS in iOS 10+ but not in iOS 9. It seems that the system does not provide ATS protection to connections to IP address in iOS 10 system. Who can explain this or any doc to refer?
So does that means keep using server API using IP address will work well in the future? Will it triger the addtional App Store Review?