I am struggling with an iPad App which listens to a rtp-stream from a camera in the same local network. The iPad is connected to the LAN using an USB-C-RJ45 adapter (Belkin - the one Apple sells in its Stores). For testing we are using mobileVLCKit as player. Using iOS 15.7.x the app runs fine, but with iOS 16.3 the Apps continues to ask for LAN access, but only then shows the video, if this specific iPad has got a family AppleID. If not, or it has no AppleID at all, it receives only a few frames, all of which appear as corrupt, which then go down to zero. After each restart of the player, it once again gets a few frames until they disappear.
If you run the App with a normal AppleID, or no AppleID, the App does not receive frames, then, after changing the AppleID to a family AppleID, the App immediately runs.
I imagine that a family AppleID has implications on Bonjour services in combination with iOS>16. I tested and confirmed this behavior on iPad 4 Air and iPad 5 Air. On an actual iPad mini however, the video runs regardless of an AppleID type or iOS Version.
To get user allowance for LAN access I used several plist entries. Here is my info.plist:
<dict>
<key>BGTaskSchedulerPermittedIdentifiers</key>
<array>
<string>com.test.testApp</string>
</array>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsForMedia</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSAllowsArbitraryLoadsUsageDescription</key>
<dict/>
<key>NSAllowsLocalNetworking</key>
<true/>
<key>NSExceptionDomains</key>
<dict/>
</dict>
<key>NSBonjourServices</key>
<array>
<string>_lnp._tcp.</string>
<string>_bonjour._tcp</string>
<string>_http._tcp</string>
<string>_iri._tcp</string>
</array>
...
<key>UIBackgroundModes</key>
<array>
<string>processing</string>
<string>remote-notification</string>
</array>
</dict>
</plist>
To get user permission on the LAN usage, I use https://stackoverflow.com/a/67758105/705761, which runs nicely. I added UIBackgroundModes to enforce the appearance of the App int the settings. If you open these settings, the local network switch appears and is set to ON, if you previously answered the question about LAN usage with OK.
So far everything looks good, and the player plays the stream immediately, but only on:
Devices with iOS < 16, no matter which AppleID type is used
Devices > 16 only with an family AppleID
Is there a way define the IP of the camera or its URL in such a way that it does not fall under the seemingly restrictions of an non-familiy ApppleID? Or is there another cause present which manifests itself via the AppleID by coincidence?
What setting do I need to put in my info.plist to enable HTTP mode as per the following error message?
Transport security has blocked a cleartext HTTP (http://) resource
load since it is insecure. Temporary exceptions can be configured via
your app's Info.plist file.
Assume that my domain is example.com.
Use NSAppTransportSecurity:
You have to set the NSAllowsArbitraryLoads key to YES under NSAppTransportSecurity dictionary in your info.plist file.
Here are the settings visually:
See the forum post Application Transport Security?.
For example, you can add a specific domain like:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
The lazy option is:
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
###Note:
info.plist is an XML file so you can place this code more or less anywhere inside the file.
If you are using Xcode 8.0+ and Swift 2.2+ or even Objective C:
If you want to allow HTTP connections to any site, you can use this keys:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
If you know which domains you will connect to add:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
This was tested and was working on iOS 9 GM seed - this is the configuration to allow a specific domain to use HTTP instead of HTTPS:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key> <!--Include your domain at this line -->
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
NSAllowsArbitraryLoads must be false, because it disallows all insecure connection, but the exceptions list allows connection to some domains without HTTPS.
Here it is visually:
This is a quick workaround (but not recommended) to add this in the plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Which means (according to Apple's documentation):
NSAllowsArbitraryLoads
A Boolean value used to disable App Transport Security for any domains not listed in the NSExceptionDomains dictionary. Listed domains use the settings specified for that domain.
The default value of NO requires the default App Transport Security behaviour for all connections.
I really recommend links:
Apple's technical note
WWDC 2015 session 706 (Security and Your Apps) starts around 1:50
WWDC 2015 session 711 (Networking with NSURLSession)
Blog post Shipping an App With App Transport Security
which help me understand reasons and all the implications.
The XML (in file Info.plist) below will:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>PAGE_FOR_WHICH_SETTINGS_YOU_WANT_TO_OVERRIDE</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
disallow arbitrary calls for all pages, but for PAGE_FOR_WHICH_SETTINGS_YOU_WANT_TO_OVERRIDE will allow that connections use the HTTP protocol.
To the XML above you can add:
<key>NSIncludesSubdomains</key>
<true/>
if you want to allow insecure connections for the subdomains of the specified address.
The best approach is to block all arbitrary loads (set to false) and add exceptions to allow only addresses we know are fine.
For interested readers
2018 Update:
Apple is not recommending switching this off - more information can be found in 207 session WWDC 2018 with more things explained in regards to security
Leaving the original answer for historic reasons and development phase
For those of you who want a more context on why this is happening, in addition to how to fix it, then read below.
With the introduction of iOS 9, to improve the security of connections between an app and web services, secure connections between an app and its web service must follow best practices. The best practices behavior is enforced by the App Transport Security to:
prevent accidental disclosure, and
provide a default behavior that is secure.
As explained in the App Transport Security Technote, when communicating with your web service, App Transport Security now has the following requirements and behavior:
The server must support at least Transport Layer Security (TLS) protocol version 1.2.
Connection ciphers are limited to those that provide forward secrecy (see the list of ciphers below.)
Certificates must be signed using a SHA256 or better signature hash algorithm, with either a 2048 bit or greater RSA key or a 256 bit or
greater Elliptic-Curve (ECC) key.
Invalid certificates result in a hard failure and no connection.
In other words, your web service request should: a.) use HTTPS and b.) be encrypted using TLS v1.2 with forward secrecy.
However, as was mentioned in other posts, you can override this new behavior from App Transport Security by specifying the insecure domain in the Info.plist of your app.
To override, you will need to add the NSAppTransportSecurity > NSExceptionDomains dictionary properties to your Info.plist. Next, you will add your web service's domain to the NSExceptionDomains dictionary.
For example, if I want to bypass the App Transport Security behavior for a web service on the host www.yourwebservicehost.com then I would do the following:
Open your app in Xcode.
Find the Info.plist file in Project Navigator and "right-mouse" click on it and choose the Open As > Source Code menu option. The property list file will appear in the right pane.
Put the following properties block inside of the main properties dictionary (under the first <dict>).
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>www.example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
If you need to provide exceptions for additional domains then you would add another dictionary property beneath NSExceptionDomains.
To find out more about the keys referenced above, read this already mentioned technote.
I do not like editing the plist directly. You can easily add it to the plist using the GUI:
Click on the Info.plist in the Navigator on the left.
Now change the data in the main area:
On the last line add the +
Enter the name of the group: App Transport Security Settings
Right click on the group and select Add Row
Enter Allow Arbitrary Loads
Set the value on the right to YES
There are two solutions for this :
Solutions 1 :
In Info.plist file add a dictionary with key 'NSAppTransportSecurity'
Add another element inside dictionary with key 'Allow Arbitrary Loads'
Plist structure should appear as shown in below image.
Solution 2 :
In Info.plist file add a dictionary with key 'NSAppTransportSecurity'
Add another element inside dictionary with key 'NSExceptionDomains'
Add element with key 'MyDomainName.com' of type NSDictionary
Add element with key 'NSIncludesSubdomains' of type Boolean and value set as YES
Add element with key 'NSTemporaryExceptionAllowsInsecureHTTPLoads' of type Boolean and value set as YES
Plist structure should appear as shown in below image.
Solution 2 is preferred since it allows only selected domain whereas solution 1 allows all insecure HTTP connections.
Transport security is available on iOS 9.0 or later. You may have this warning when trying to call a WS inside your application:
Application Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
Adding the following to your Info.plist will disable ATS:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
⛔️ Don't use bad practices!
Many of the answers (including the accepted one) tell you to make your app's network communication entirely unsecured! by setting the Allow Arbitrary Loads to Yes (or true). That is the most dangerous setting for network requests! And it is ONLY for testing and temporary purposes.
You can see this Apple Engineer clearly saying this in here in WWDC18 even for Web Content and you are trying to allow them all!
✅ Set Allow Arbitrary Loads to NO !!!
You must always use HTTPS for your networking stuff. But if you really can't, just add an exception to the info.plist
For example, if you are using http://google.com and getting that error, You MUST change it to https://google.com (with s) since it supports perfectly.
But if you can't somehow, (and you cant convince backend developers to support SSL), add JUST this unsecured domain to the info.plist (instead of making it available for ALL UNSECURE NET!)
Development Example
Here is a screenshot of a plist which keeps ATS intact (=secure), but allows that connections to localhost can be made via HTTP instead of HTTPS. It works in Xcode 7.1.1.
According to Apple, generally disabling ATS will lead to app rejection, unless you have a good reason to do so. Even then, you should add exceptions for domains that you can access safely.
Apple has an excellent tool that tells you exactly what settings to use: In Terminal, enter
/usr/bin/nscurl --ats-diagnostics --verbose https://www.example.com/whatever
and nscurl will check whether this request fails, and then try a variety of settings and tell you exactly which one passes, and what to do. For example, for some third-party URL that I visit, this command told me that this dictionary passes:
{
NSExceptionDomains = {
"www.example.com" = {
NSExceptionRequiresForwardSecrecy = false;
};
};
}
To distinguish between your own sites and third-party sites that are out of your control, use, for example, the key NSThirdPartyExceptionRequiresForwardSecrecy.
Go to your Info.plist
Right Click on empty space and Click on Add Row
Write the Key Name as NSAppTransportSecurity, Under it
Select Exception Domains, Add a new item to this
Write down your domain name that needs to get accessed
Change the Domain type from String to Dictionary, add a new Item
NSTemporaryExceptionAllowsInsecureHTTPLoads, that will be a boolean with a true value.
Figuring out what settings to use can be performed automatically, as mentioned in this technote:
/usr/bin/nscurl --ats-diagnostics --verbose https://your-domain.com
NOTE: The exception domain in your plist should be in LOWER-CASE.
Example: you have named your machine "MyAwesomeMacbook" under Settings->Sharing; your server (for test purposes) is running on MyAwesomeMacbook.local:3000, and your app needs to send a request to http://MyAwesomeMacbook.local:3000/files..., your plist you will need to specify "myawesomemacbook.local" as the exception domain.
--
Your info.plist would contain...
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>myawesomemacbook.local</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
On 2015-09-25 (after Xcode updates on 2015-09-18):
I used a non-lazy method, but it didn't work. The followings are my tries.
First,
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>www.xxx.yyy.zzz</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
And second,
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>www.xxx.yyy.zzz</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
Finally, I used the lazy method:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
It might be a little insecure, but I couldn't find other solutions.
Use:
Add a new item, NSAppTransportSecurity, in the plist file with type Dictionary, then add sub item NSAllowsArbitraryLoads in dictionary of type Boolean, and set bool value YES. This works for me.
In swift 4 and xocde 10 is change the NSAllowsArbitraryLoads to Allow Arbitrary Loads. so it is going to be look like this :
<key>App Transport Security Settings</key>
<dict>
<key>Allow Arbitrary Loads</key><true/>
</dict>
It may be worth mentioning how to get there...
Info.plist is one of the files below the Main.storyboard or viewController.swift.
When you click on it the first time, it usually is in a table format, so right click the file and 'open as' Source code and then add the code below towards the end, i.e.:
<key>NSAppTransportSecurity</key><dict><key>NSAllowsArbitraryLoads</key><true/></dict>
Copy paste the code just above
"</dict>
</plist>"
which is at the end.
How to fix it?
Below steps to fix it.
Update for Xcode 7.1, facing problem 27.10.15:
The new value in the Info.plist is "App Transport Security Settings".
From there, this dictionary should contain:
Allow Arbitrary Loads = YES
Exception Domains (insert here your http domain)
For those who came here trying to find the reason why their WKWebView is always white and loads nothing (exactly as described here how do I get WKWebView to work in swift and for an macOS App) :
If all the rocket science above does not work for you check the obvious: the sandbox settings
Being new to swift and cocoa, but pretty experienced in programming I've spend about 20 hours to find this solution. None of dozens hipster-iOS-tutorials nor apple keynotes – nothing mentions this small checkbox.
By default, iOS only allows HTTPS API. Since HTTP is not secure, you will have to disable App transport security. There are two ways to disable ATS:-
1. Adding source code in project info.plist and add the following code in root tag.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
2. Using project info.
Click on project on the project on the left pane, select the project as target and choose info tab. You have to add the dictionary in the following structure.
** Finally!!! Resolved App transport Security **
1. Follow the follow the screen shot. Do it in Targets info Section.
In Swift 5 we have two way to overcome this problem. we need to add the NSAppTransportSecurity in info.plist
I give the info.plist sourcecode and image for reference
First one is Add the NSAppTransportSecurity -> NSAllowsArbitraryLoads in info.plist.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
</dict>
</dict>
</plist>
Another one method is Add the NSAppTransportSecurity -> NSExceptionDomains in info.plist and add the domain of the URL and enable the permissions to load there sub-domains(NSIncludesSubdomains) and Allow the insecure HTTP loads(NSExceptionAllowsInsecureHTTPLoads)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>www.7timer.info</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
</dict>
</plist>
Using NSExceptionDomains may not apply an effect simultaneously due to target site may load resources (e.g. js files) from external domains over http. It can be resolved by adding these external domains to NSExceptionDomains as well.
To inspect which resources cannot be loaded try to use Remote debugging. Here is a tutorial: http://geeklearning.io/apache-cordova-and-remote-debugging-on-ios/
For Cordova, if you want to add it into your ios.json, do the following:
"NSAppTransportSecurity": [
{
"xml": "<dict><key>NSAllowsArbitraryLoads</key><true /></dict>"
}
]
And it should be inside of:
"*-Info.plist": {
"parents": {
}
}
Like many have noted, this is a feature issue that comes with iOS 9.0. They have added a thing called App Transport Security, and I too was annoyed when it broke my Apps.
You can bandage it with the NSAllowsArbitraryLoads key to YES under NSAppTransportSecurity dictionary in your .plist file, but ultimately you will need to re-write the code that forms your URLs to form the HTTPS:// prefix.
Apple has re-written the NSUrlConnection class in iOS 9.0. You can read about it in NSURLConnection.
Else, you may have to back out of iOS 9.0 until you have time to implement the correct solution.
I have an iPhone app that has a relatively simple Flurry configuration installed. I notice that the Flurry files ("flurryResponseNNNNN...") seem to build up and are never deleted (at least not going back over 3 weeks).
Now, it is getting to be late enough in the year where we begin expect some accumulation here in Minnesota, but I'm not anxious for this much this early.
Is there some Flurry setting that controls the number of files (or total size or whatever) that Flurry retains, or do I need to manage this directly in my app?
Added:
The files are in the Documents directory. They contain XML similar to:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>body</key>
<data>
</data>
<key>headers</key>
<dict>
<key>Connection</key>
<string>close</string>
<key>Content-Length</key>
<string>0</string>
<key>Content-Type</key>
<string>application/octet-stream</string>
<key>Date</key>
<string>Wed, 14 Sep 2011 19:41:25 GMT</string>
<key>Server</key>
<string>nginx</string>
</dict>
<key>statusCode</key>
<integer>200</integer>
</dict>
</plist>
I should say that I discovered that these files are diagnostic logs, turned on by a setting when starting up Flurry. (I forget the specific setting and don't have the code at hand here, but it's fairly obvious when you go looking for it.) Turn off that setting and they go away (or at least no more are generated).
I've used Flurry before and never seen these files. Where are they being stored; if it's in the cache or temp folder then i wouldn't' worry about them.
Do you see flurry working correctly when you go to your app's website?
Can you tell us more about your flurry configuration? What analytics are you bring to record?
NB I certainly wouldn't want to start manually deleting files from inside your app!
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary*)launchOptions {
[FlurryAPI startSession:#"YOUR APP KEY"];
[FlurryAPI logEvent:#"Application Started"];
[FlurryAPI setSessionReportsOnCloseEnabled:FALSE];
[FlurryAPI setSessionReportsOnPauseEnabled:FALSE];
}
What do you do for app database backup?
On other phones that have SD Cards backup of the app database is not a problem as I can make the backup of the app database to the SD Card. I can also send that backup to email as a zip. Restoring is also not a problem as the email can save the zip to the SD Card use a file that i still on the SD Card.
iPhone seems to be another story. I can make a copy of the user part of the database and store it in the same documents folder that the app resides. I could also email a zip of that file in case the phone dies.
but how would I save a download from an email attachment to the app document folder? so if the user uploaded their DB to their email, and then wants to restore it, how would you do this?
What do you all do for DB backups from your apps?
If you want to save the document from an email you could do the following:
First, modify your Info.plist file to register to handle the specific extension of your backup file by adding it to a new key called CFBundleDocumentTypes.
<key>CFBundleDocumentTypes</key>
<array>
<dict>
<key>CFBundleTypeName</key>
<string>MyApplication</string>
<key>CFBundleTypeRole</key>
<string>Editor</string>
<key>LSHandlerRank</key>
<string>Owner</string>
<key>LSItemContentTypes</key>
<array>
<string>com.myapplication.myapplicationsuffix.fileextension</string>
</array>
</dict>
</array>
The next thing to set up is your application's bundle URL Types.
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLName</key>
<string>com.myapplication.myapplicationsuffix.myoperationkey</string>
<key>CFBundleURLSchemes</key>
<array>
<string>packageforlaunch</string>
</array>
</dict>
</array>
That way when the user launches the file (taps on it in the email), it will launch your application and provide a filesystem URI to it. In your app delegate, you can implement the -(BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url method.
- (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url {
if(url != nil && [url isFileURL])
{
NSData *d = [NSData dataWithContentsOfURL:url];
[[NSFileManager defaultManager] createFileAtPath:[[self applicationDocumentsDirectory] stringByAppendingPathComponent:[url lastPathComponent]] contents:d attributes:nil];
}
That will give you the file and you can save it to your application. The key here is to not have your database stored in the application bundle, but instead in your application's user folder somewhere. That way you can easily replace it ( as long as you have the proper locking in place ) from an application launch. With CoreData, you have to be careful that you have not changed the schema, or that you are loading the correct .xcdatamodeld files for the database version, or you could end up with an un-openable database.
What I have done is to use the SQLite data store for CoreData, or to use SQLite by itself. Lock the file briefly, create a copy of the database file and upload it via PUT / POST to my server via an API. The server then stores the file in CouchDB with the timestamp. This has the effect of being a poor man's versioning system, you could always roll back since the database is tagged with either the user's id, or the user's UDID, or both with the timestamp.
The simpler method will likely be to use a combination of Apple's new document store for the database, and the key/value store with a pointer to the document id that represents the backup.
Unfortunately, I don't think there is an easy mechanism for this, the email mechanism you describe is probably the simplest, but with CoreData, it makes even that complicated. If you are using raw SQLite3 and the FMDB library, it makes things much easier.