Login/Register
Setting NSAllowsArbitraryLoads in iOS 9 - Will Apple reject the app? [duplicate]
Asked Answered
Solved iosios9info.plist
O

2

16

I suddenly get a message on iOS 9 :

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection

Searched a bit and found that setting NSAllowsArbitraryLoads to YES fixes this which actually works.
However I also found that Apple may reject the App for this. Though stated in App Transport Security Technote

NSAllowsArbitraryLoads

A Boolean value used to disable App Transport Security for any domains not listed in the NSExceptionDomains dictionary. Listed domains use the settings specified for that domain.

But since this is the only solution working right now and also Apple may or may not reject the App, just wanted to confirm before publishing.

Update: Apple passed the review and my app is live now with this setting :)

Ology answered 25/9, 2015 at 5:11 Comment(8)
Apple has given solution for this. I don't think so apple will reject the app. Because if we want to use the HTTP and HTTPS both in same application then this is only a solution. #32774638Politician
I submit my new version app a week ago with this key NSAllowsArbitraryLoads to YES, and have passed app review processKamal
@Kamal : Good to know that :)Ology
@AshishKakkad : Thanks for your thoughtsOlogy
@Kamal Thanks. Let me know after successful release of your app. I have similar question.Politician
@Ology Welcome brother.Politician
@AshishKakkad It has successful releasedKamal
Exactly. This will be the first reference to this problem I have seen so far :)Ology
K
22

Update:

Apple announced that iOS apps have until January 1, 2017, to enable App Transport Security.

So,if you plan submit app to app store after 2017,please turn on ATS.

Also,see this link

====== Old answer=====

My experience:

I submit my app at 9/17/2015, and have passed the app store review process and successfully released the app.

Here is the info.plist screenshot of my app. enter image description here

So,I do not think apple will reject the app for this reason for now

Update:

My new app passed apple review process at 10/30/2015 with this key set to YES.

Kamal answered 25/9, 2015 at 6:17 Comment(6)
It seems quite bizarre that Apple introduced this security feature, but make it trivial to get around it ??Timmy
Here's exactly how to address the issue for anyone googling here https://mcmap.net/q/749701/-swift-can-39-t-retrieve-images-from-parse-comTimmy
Maybe not now, but in the upcoming iterations of iOS, apple may start rejecting such apps.Berhley
My App with this setting got live :)Ology
Glad to hear that. My new app also passed the review process todayKamal
From what i understand, this is about allowing an app to opt-in on important domains/subdomains, so if a weaker security layer is noticed, iOS can block the connection. This would allow an app developer to say "really don't allow MITM attacks on foo.com"Singleness
B
1

Wasted a considerable amount of time (⏱ == 💸) because of this. Testing new NSURL... code failed with some users, worked with others. Had no idea why. Then stumbled on the log output which I normally don't watch (who really sees logs on an iPhone, seriously...) and there was this warning.

That was a rather nasty trick Apple... wasted time in debugging, wasted time in frustrating users, losing credibility in having software that "works". Broken spokes due to Apple's stick shoved in there. Going to have to toss Apple under the bus 🚌 with my testers on this one.

Ref: NSAppTransportSecurity : NSAllowsArbitraryLoads NSAppTransportSecurity : NSExceptionDomains

enter image description here

Bearberry answered 14/11, 2015 at 17:38 Comment(1)
Oh yes, the whole error text is: App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.Bearberry

© 2022 - 2024 — McMap. All rights reserved.