Tag Archives: Programming

iOS and App Transport Security Settings

Leave a reply

Some time ago, Apple added a security feature to iOS that requires all domains that an app needs to connect to without HTTPS be white-listed in the info.plist file.

It’s pretty simple, you create a Dictionary object with the name of NSAppTransportSecurity and then add a key with the name NSAllowsArbitraryLoads and the bool value of True.  This will basically bypass the security system and allow your app to read from any website.

The problem coming down the pipe, is they are going to turn this ‘temp’ feature off sometime this year.  When they do, an App using this scheme will not be able to read from a non-HTTPS URL.

To get around this you need to explicitly add domains to your white-list.  Not too hard, but it needs to be done.

In the NSAppTransportSecurity, create another dictionary with the name NSExceptionDomains.  Then create another dictionary for each domain you’ll need access to, with the root domain as the name.  Inside that dictionary, add two items – NSTemporaryExceptionAllowsInsecureHTTPLoads with a bool value of TRUE, and NSIncludesSubdomains also with a bool value of TRUE.

That will let you read from those domains in the future, even when Apple kill NSAllowsArbitraryLoads.

The following is an extract from one of our apps which allows the app to read from purplebuttons.com.

<dict>
<key>purplebuttons.com</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>

64 bit iOS required

Leave a reply

As of today, all apps submitted to the App store, including updates need to support 64bit.  Got a bit of a shock when I tried submitting my build of Candy Bubble Drop and saw this error screen!

Screen Shot 2015-06-01 at 3.46.54 PM

Luckily, the folks at Unity were prepared (more than I was) and I was able to enable 64 bit support from within the Player Settings and everything worked beautifully!