If I was to build an app that opened a web server at local host on a random port that resolved subdomains for local host at that port, but there was no certificate authority, signed certificate available to provide HTTPS security, would this be in violation of apples ATS policy
ATS applies when your app is making a connection to a remote server using the URL Loading System [1] but even then you're able to configure exceptions for this behavior [2] using the NSAppTransportSecurity key [3] in your Info.plist [4].
If your app is sandboxed you'll need the com.apple.security.network.server entitlement [5] as well.
[1] https://developer.apple.com/documentation/Foundation/url-loading-system
[2] https://developer.apple.com/documentation/security/preventing-insecure-network-connections
[4] https://developer.apple.com/documentation/bundleresources/information-property-list
So in my case it's all good then cause it's local to us just http?
would this be in violation of apples ATS policy
There’s two different aspects of ATS policy:
The latter is determined by App Review. I don’t work for App Review and thus can’t say definitive things about their policy. However, I can point you at Provide Justification for Exceptions.
On the technical side, the correct answer depends on your long-term intent. You wrote:
If I was to build an app that opened a web server at local host
Is this just for testing? Or is your final deployed app going to be accessing a local server? And if it’s the latter, are you accessing some sort of network-based accessory?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"