iOS private app network extension or self-contained networking layer (or library interposition, etc.)

Now what we're trying to do is to figure out how to get this to work when sockets are used via CFSocket, CFStream, etc. and with native iOS HTTP/HTTPS clients and other normal iOS network I/O code.

I hate to be the bearer of bad news but there’s no way to achieve this goal in any supported fashion. The only approach that is on a reasonable technical footing, dyld interposition, is not documented for third party use and isn’t feasible on iOS anyway. The other techniques you described rely on OS internals that are not considered API (it’s OK to use them for debugging but you don’t want to use them in production code). Even your SOCKS proxy approach is worrying because, while SOCKS proxying is a supported feature on OS X and the code that implements it is common to both platforms, it’s not actively used on iOS. It’s easy to imagine scenarios where SOCKS might break on iOS, either due to some environmental difference in the platforms or because Apple simply removes that code from iOS for efficiency reasons.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Edit: leaving these but look at the last reply, since I think I found the "right" way to do this.

We've already found that dyld interposition is feasible on iOS, at least recent versions, but as you say it may not be acceptable for the app store since the APIs are not documented and may not be stable or future-proof. After thinking on it a bit I have doubts about whether it could ever work with the proposed bitcode app shipping format (LLVM bitcode?) that is being introduced (unless some kind of official support were added).

The SOCKS solution looks workable but as you say it may vanish at some point in the future. We will pursue it for now since it uses published APIs and will work but will also continue researching this and will build with the knowledge that the SOCKS solution might need to be swapped out later.

None of these solutions are ideal. The ideal would be some official way of providing a "socket provider" or something like that, or permitting application-private instances of a Network Extension that are only visible to the app itself and that die with the app. The latter is possible at the OS level and in some ways is the most elegant and idiomatic (in terms of stated intent, etc.) but there are obviously no APIs for it. Are there any plans like this in the future?

Let me provide a concrete use case that we are actively working with a customer to achieve.

The customer has a high-bandwidth IP camera app. They want apps for iOS (and Android) that permit the feed from the camera to be viewed. This use case would likely involve the customer viewing the feed for fairly long periods of time.

If the camera is on the same local LAN broadcast segment, it is possible for app to find it and communicate directly. Otherwise, there is currently no reliable option for the customer but to pay to have all traffic relayed off cloud resources. Amazon charges $0.09/GB for traffic outflow. This means that if the camera streams 50kb/sec and the user on average watches it for three hours a day, this costs the vendor about $1.45/month in bandwidth charges for a $100 one-time-sale IP camera product.

There are many other cases with similar economics: tele-presence, video chat, games that transfer a lot of state, etc. There are also security applications and applications that prefer low latency. A 2000 mile data path between two devices in the same city is dumb.

Thought this was worth posting since Apple seems to be taking the approach of watching what people want to do on iOS and adding official ways to do it when it seems compelling. While I doubt Apple would do this just for us, there are as I said other applications for this general class of thing. If iOS had some approved way of extending or reshaping the network in a manner private to the app it would actually be far ahead of any other OS. What we're trying to achieve here is possible almost everywhere, but no OS in common use provides a clean way to do it. The closest is Linux but even there it's a tad painful.

I think the best way to do this in an idiomatic, native, correct way would be to write a network app extension:

https://developer.apple.com/app-extensions/

There is currently no explicit category for this. Perhaps there should be a "networking" extension class. Looks like "action" or "share" are the closest analogs today.

It could then use app proxy provider from the Network Extensions API to do precisely what I'm talking about above, and would have the added advantage of being installed only once on a device even if multiple apps used it:

https://developer.apple.com/library/ios/documentation/NetworkExtension/Reference/Network_Extension_Framework_Reference/index.html#//apple_ref/doc/uid/TP40016234

Going to read up more but what I've read so far sounds like this might be the iOS-correct way to do this. Might be iOS 9 only though, but we could use SOCKS or interposition on iOS 8 for backward compatibility. (Client doesn't care about iOS before 8, and soon probably not before 9, so not a long term problem.)

Edit: yes, looks very promising. This is basically exactly what we want. Network Containers would be an App Extension, not a Framework:

https://developer.apple.com/library/ios/documentation/NetworkExtension/Reference/NEAppProxyFlowClassRef/index.html#//apple_ref/swift/cl/c:objc(cs)NEAppProxyFlow

Current extension categories don't seem like any of them would be right for this, so our strategy I think will be to use the "SOCKS hack" to achieve app proxy flows within the app (some apps do this, like Tor bundle). But a networking app extension sounds like the long term correct way to implement this type of thing in iOS. I'd propose creating such a category, especially if you deprecate and eliminate SOCKS, since it would allow SOCKS and other forms of network extensions to be achieved within an app in a general and very powerful way.