We have an iOS App for Point of Sale application and this App connect to a back-end Store server in the same local network. This environment is maintained by our customers and we have little control if our customer doesn't want to establish a secure connection in their network. Can you please confirm if we can disable ATS (NSAllowsArbitraryLoads = YES) for our App and if this will be an acceptable justification?
Can you please confirm … if this will be an acceptable justification?
This is a question about App Review policy — and incomplete App Review policy at that — so no one here can give you definitive answer. You’ll find references to the information that App Review has published in my App Transport Security pinned post.
Coming back to the technical, you wrote:
We have an iOS App for Point of Sale application and this App connect to a back-end Store server in the same local network.
… disable ATS (
= YES) for our App …NSAllowsArbitraryLoads
Are sure that disabling ATS completely is the smallest possible exception you can use? Have you looked at
NSAllowsLocalNetworkingHonestly though, the best option here is for you to talk to your customers about enabling HTTPS. It seems like that’d be pretty important for a POS system.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"