IOS 9 App Transport Security has blocked a cleartext HTTP Issue

Question

I am testing my app in Xcode 7, IOS 9 and got the following error :

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

So I have done some changes in Info.plist file as below and application is now working fine across all IOS Versions:

<key>NSAppTransportSecurity</key><dict>
<key>NSExceptionDomains</key><dict><key>myserver.com</key><dict>
<key>NSIncludesSubdomains</key><false/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/></dict> </dict></dict>

So my doubt is whether this remains a permanent fix or whether I should use NSURLSession in my code.

Thanks, Abin

Answer 1

Adding the following to your Info.plist will disable ATS

<key>NSAppTransportSecurity</key>  
<dict>  
    <key>NSAllowsArbitraryLoads</key><true/>  
</dict> 

Answer 2

NSURLSession is also subject to App Transport Security. The real question you have to ask yourself is whether you're transferring sensitive information. If you are, you should use https so that the information is secure.

In this case, App Transport Security is basically warning you that the data you're sending or receiving is going via an insecure route, when compared to the best practices for transferring information securely. It's then up to you to make the decision based on your own knowledge about the data. If it's downloading public, non-personal information, you might simply make an exception in the plist and carry on. If you're throwing people's dates of birth or social security numbers around, probably not...