I would like to know if ATS is enabled in app, SSL pinning must implement in the app too?
SSL pinning is must in App Transport Security (ATS)?
TLS {certificate,public key} pinning is never required. Historically it was a useful protection against incorrectly issued certificates, but these days that’s less of an issue because of certificate transparency.
The most common reason why folks still implement TLS pinning is because they want to prevent the device’s user from peeking at their traffic. If you want to do that, go ahead and implement it. If not, don’t bother.
Be aware, however, that TLS pinning is not without its drawbacks. Specifically, it will prevent your app from working in some legitimate scenarios, most notably when a site admin has configured TLS inspection. If you do implement TLS pinning you may want to provide a managed app preferences to disable it.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
The most common reason why folks still implement TLS pinning is because they want to prevent the device’s user from peeking at their traffic. If you want to do that, go ahead and implement it. If not, don’t bother.
Be aware, however, that TLS pinning is not without its drawbacks. Specifically, it will prevent your app from working in some legitimate scenarios, most notably when a site admin has configured TLS inspection. If you do implement TLS pinning you may want to provide a managed app preferences to disable it.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"