App communication with server failing, when built with Xcode 7 on iOS 9 devices

Question

Created May ’16

Replies 4

Boosts 0

Views 1.8k

Participants 3

I ran into a strange issue after building my app with Xcode 7. When the app pings the server, communications fails. This only happens under specific build conditions.

The app works without issue under the following circumstances:

Build with Xcode 6.3 on iOS 8 device
Build with Xcode 6.3 on iOS 9 device
Build with Xcode 7.2/7.3 on iOS 8 device

Communication with the server fails when I:

Build with Xcode 7.2/7.3 on iOS 9 devices

I can hit the server URL without any problem from Safari on all devices. I'm currently in the process of confirming that I don't have access to the internet from within my app at all.

Is anybody aware of issues like this that might be tied to building with Xcode 7? I've noticed that Apple is always moving around the "Trusted Developer" settings with new iterations of iOS 9. Is it possible that I'm missing something obvious, like a setting or permission for my specific app?

Boost

Answer 1

pmills OP

May ’16

When you say 'ping', do you mean that literally?

(If not, what protocol are you using?)

0

Answer 2

MikeSim OP

May ’16

What I mean by 'ping', is that I'm making a call to the service running on my server. The call is specifically intended to verify success/failure of communication between the server and the app.

I used the following method to confirm that my app has network connectivity (it does):

http://www.chrisdanielson.com/2009/07/22/iphone-network-connectivity-test-example/

Communication is through HTTPS (I believe the server is set up for TLS, but I didn't implement the back-end).

0

Answer 3

MikeSim OP

May ’16

I believe it has something to do with Application Transport Security.

I added the following to my Info.plist file:

<key>NSAppTransportSecurity</key> 
     <dict> 
          <key>NSAllowsArbitraryLoads</key><true/> 
     </dict>

According to this post:

https://forums.developer.apple.com/thread/3544

That seems to have solved the issue, but I'm not sure what the implications are. I'll have to do more research to confirm that this won't compromise the security of communication between the app and server.

0

Answer 4

Developer Tools Engineer OP

Apple

May ’16

You should use 'nscurl --ats-diagnostics' to figure out what the issue is.

Setting NSAllowsArbitraryLoads globally is a *very* big hammer and should not be done. If you need to neuter ATS, do so on a per domain level and be as strict as possible. For example, akami.bintray.com does not support Perfect Forward Secrecy, so I use something like this:

<key>NSAppTransportSecurity</key>

<dict>

<key>NSExceptionDomains</key>

<dict>

<key>bintray.com</key>

<dict>

<key>NSIncludesSubdomains</key>

<true/>

<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>

</dict>

0