ATS enforces best practices in the secure connections between app app and the backend. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. ATS is by default in iOS 9.0 and OS X v 10.11.
If developing a new app, HTTPS should be the one default. In addition, communication through high level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. IF app try to make a connection that doesnt follow these requirements, an error will be thrown. IF the app needs to make connection to an insecure domain, app has to specify this domain in the info.plist file.
references:
No comments:
Post a Comment