App Transport Layer and Exceptions


2551phil
 

I’m making my first venture into submitting an app for distribution via the macOS App Store.

In my non-app store distributed apps, I have a call to a file located on my Amazon AWS repository which provides data the app needs (the data is changeable on a daily basis, so can’t be hardwired into the app). For some reason Amazon AWS won’t pass ATL (specifically, I have to add the NSExceptionRequiresForwardSecrecy key to get the url past ATL).

My (primary) question is: does anyone here know if exceptions are acceptable for App Store submission, or is ATL strictly enforced?

If the latter, a subsequent question is does anyone else here use calls to Amazon AWS within an App Store app and know how to deal with it? I don’t really understand why AWS doesn’t / can’t meet the requirements of ATL, or maybe I just need to fiddle with “something” in the settings for the AWS repository…?


TIA


Phil
@sqwarq


Alexander von Below
 

Hello,

a quick google search pulled up this from the „AWS Mobile Blog“: https://aws.amazon.com/de/blogs/mobile/preparing-your-apps-for-ios-9/

I am as surprised as you that AWS does not meet the ATL criteria.

To find out, run /usr/bin/nscurl --ats-diagnostics $yoururlgoeshere

HTH

Alex

Am 19.06.2017 um 07:48 schrieb 2551phil <2551phil@gmail.com>:

I’m making my first venture into submitting an app for distribution via the macOS App Store.

In my non-app store distributed apps, I have a call to a file located on my Amazon AWS repository which provides data the app needs (the data is changeable on a daily basis, so can’t be hardwired into the app). For some reason Amazon AWS won’t pass ATL (specifically, I have to add the NSExceptionRequiresForwardSecrecy key to get the url past ATL).

My (primary) question is: does anyone here know if exceptions are acceptable for App Store submission, or is ATL strictly enforced?

If the latter, a subsequent question is does anyone else here use calls to Amazon AWS within an App Store app and know how to deal with it? I don’t really understand why AWS doesn’t / can’t meet the requirements of ATL, or maybe I just need to fiddle with “something” in the settings for the AWS repository…?


TIA


Phil
@sqwarq





2551phil
 

Thanks, Alex, but I’m not really sure that’s relevant to my specific questions.

I already know how to configure the Info.plist. As I said, I’ve had the NSException for ATL for a while. My question was whether exceptions are allowed in the macOS App Store **now**.

The document you referenced was related to iOS 9, which is a different platform and store, and is nearly two years old.

I can well believe that Apple might have had a more lenient policy when ATL was introduced than they might do now.


Best


Phil
@sqwarq

On 19 Jun 2017, at 14:46, Alexander von Below <below@mac.com> wrote:

Hello,

a quick google search pulled up this from the „AWS Mobile Blog“: https://aws.amazon.com/de/blogs/mobile/preparing-your-apps-for-ios-9/

I am as surprised as you that AWS does not meet the ATL criteria.

To find out, run /usr/bin/nscurl --ats-diagnostics $yoururlgoeshere

HTH

Alex

Am 19.06.2017 um 07:48 schrieb 2551phil <2551phil@gmail.com>:

I’m making my first venture into submitting an app for distribution via the macOS App Store.

In my non-app store distributed apps, I have a call to a file located on my Amazon AWS repository which provides data the app needs (the data is changeable on a daily basis, so can’t be hardwired into the app). For some reason Amazon AWS won’t pass ATL (specifically, I have to add the NSExceptionRequiresForwardSecrecy key to get the url past ATL).

My (primary) question is: does anyone here know if exceptions are acceptable for App Store submission, or is ATL strictly enforced?

If the latter, a subsequent question is does anyone else here use calls to Amazon AWS within an App Store app and know how to deal with it? I don’t really understand why AWS doesn’t / can’t meet the requirements of ATL, or maybe I just need to fiddle with “something” in the settings for the AWS repository…?


TIA


Phil
@sqwarq






Alexander von Below
 

Oh, let Quinn The Eskimo answer that:

"What has changed is that App Review will require “reasonable justification” for most ATS exceptions. The goal here is to flush out those folks who, when ATS was first released, simply turned it off globally and moved on. That will no longer be allowed.“
(From: https://forums.developer.apple.com/thread/48979)

You are not disabling ATS, and accessing AWS will surely be a very reasonable justification — if Apple even wants one.

HTH

Alex

Am 19.06.2017 um 14:41 schrieb 2551phil <2551phil@gmail.com>:

Thanks, Alex, but I’m not really sure that’s relevant to my specific questions.

I already know how to configure the Info.plist. As I said, I’ve had the NSException for ATL for a while. My question was whether exceptions are allowed in the macOS App Store **now**.

The document you referenced was related to iOS 9, which is a different platform and store, and is nearly two years old.

I can well believe that Apple might have had a more lenient policy when ATL was introduced than they might do now.


Best


Phil
@sqwarq


On 19 Jun 2017, at 14:46, Alexander von Below <below@mac.com> wrote:

Hello,

a quick google search pulled up this from the „AWS Mobile Blog“: https://aws.amazon.com/de/blogs/mobile/preparing-your-apps-for-ios-9/

I am as surprised as you that AWS does not meet the ATL criteria.

To find out, run /usr/bin/nscurl --ats-diagnostics $yoururlgoeshere

HTH

Alex

Am 19.06.2017 um 07:48 schrieb 2551phil <2551phil@gmail.com>:

I’m making my first venture into submitting an app for distribution via the macOS App Store.

In my non-app store distributed apps, I have a call to a file located on my Amazon AWS repository which provides data the app needs (the data is changeable on a daily basis, so can’t be hardwired into the app). For some reason Amazon AWS won’t pass ATL (specifically, I have to add the NSExceptionRequiresForwardSecrecy key to get the url past ATL).

My (primary) question is: does anyone here know if exceptions are acceptable for App Store submission, or is ATL strictly enforced?

If the latter, a subsequent question is does anyone else here use calls to Amazon AWS within an App Store app and know how to deal with it? I don’t really understand why AWS doesn’t / can’t meet the requirements of ATL, or maybe I just need to fiddle with “something” in the settings for the AWS repository…?


TIA


Phil
@sqwarq








2551phil
 

Thanks for that, Alex. That’s a bit more reassuring.

I guess the proof is in the pudding. I’ll just have to try it and see!


Best


Phil
@sqwarq

On 19 Jun 2017, at 22:08, Alexander von Below <below@mac.com> wrote:

Oh, let Quinn The Eskimo answer that:

"What has changed is that App Review will require “reasonable justification” for most ATS exceptions. The goal here is to flush out those folks who, when ATS was first released, simply turned it off globally and moved on. That will no longer be allowed.“
(From: https://forums.developer.apple.com/thread/48979)

You are not disabling ATS, and accessing AWS will surely be a very reasonable justification — if Apple even wants one.

HTH

Alex


Am 19.06.2017 um 14:41 schrieb 2551phil <2551phil@gmail.com>:

Thanks, Alex, but I’m not really sure that’s relevant to my specific questions.

I already know how to configure the Info.plist. As I said, I’ve had the NSException for ATL for a while. My question was whether exceptions are allowed in the macOS App Store **now**.

The document you referenced was related to iOS 9, which is a different platform and store, and is nearly two years old.

I can well believe that Apple might have had a more lenient policy when ATL was introduced than they might do now.


Best


Phil
@sqwarq


On 19 Jun 2017, at 14:46, Alexander von Below <below@mac.com> wrote:

Hello,

a quick google search pulled up this from the „AWS Mobile Blog“: https://aws.amazon.com/de/blogs/mobile/preparing-your-apps-for-ios-9/

I am as surprised as you that AWS does not meet the ATL criteria.

To find out, run /usr/bin/nscurl --ats-diagnostics $yoururlgoeshere

HTH

Alex

Am 19.06.2017 um 07:48 schrieb 2551phil <2551phil@gmail.com>:

I’m making my first venture into submitting an app for distribution via the macOS App Store.

In my non-app store distributed apps, I have a call to a file located on my Amazon AWS repository which provides data the app needs (the data is changeable on a daily basis, so can’t be hardwired into the app). For some reason Amazon AWS won’t pass ATL (specifically, I have to add the NSExceptionRequiresForwardSecrecy key to get the url past ATL).

My (primary) question is: does anyone here know if exceptions are acceptable for App Store submission, or is ATL strictly enforced?

If the latter, a subsequent question is does anyone else here use calls to Amazon AWS within an App Store app and know how to deal with it? I don’t really understand why AWS doesn’t / can’t meet the requirements of ATL, or maybe I just need to fiddle with “something” in the settings for the AWS repository…?


TIA


Phil
@sqwarq