Apple mandates App Store apps support ATS security protocol by 2017

Anything that Xojo / we need to do?

use new framework’s httpsocket.
Or NSURL* classes via plugin/declares.

A lot of stuff will automatically do it. Like HTMLViewer.

Use NSURL* and u r safe: https://www.fir3net.com/Security/Concepts-and-Terminology/what-is-app-transport-security-ats.html

our CURL plugin can also do TLS 1.2, so it should work just fine.

What about the classic framework?

I thought the classic Framework is not supported on iOS? And the ATS requirement is for iOS only.

It will also be required for anything submitted to the Mac App Store, which could then include the classic framework.

I don’t think this is correct. Apple is speaking about iOS only in this case.

And to be honnest, i think Apple knows that they currently do not need another Nail for the Mac App Store coffin :wink:

Not sure which is correct, got my info from:
http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017

There’s probably an official post somewhere. And I completely agree that it’d be yet another annoying hurdle for the MAS if they choose to require it there.

AFAIK ATS (App Transport Security, not to be confused with Apple Type Service) exists for the moment only on iOS 9.

There is no word yet on macOS Sierra including it.

Until Apple sends some mail about it to developers we should not worry prematurely.

At any rate the New Framework and MBS support it, so it should not be too difficult to update the apps.

Time to move on…

[quote=272130:@Michel Bujardet]AFAIK ATS (App Transport Security, not to be confused with Apple Type Service) exists for the moment only on iOS 9.

There is no word yet on macOS Sierra including it.[/quote]
Actually, it’s already in El Capitan.

Up until now, it hasn’t been required in either App Store.

This year’s announcement states that iOS apps must use it in 2017. This requirement has not been extended (yet) to Mac apps in the MAS.

Basically: use https (not http) URLs in your httpsockets on iOS. Which is a good idea anyway.