App Transport Security Exclusions

With iOS 9, Apple has introduced App Transport Security (ATS) - a new security system requiring all requests made within the app to have a secured network connection.

Many native iOS apps written before iOS 9 use unsecured connections for simple REST requests or loading images from an image server. To ensure these requests are accepted in iOS 9, you may need to modify the Info.plist within the app.

ATS blocks any unsecured (HTTP) request. It also rejects secured (HTTPS) requests that do not follow best practices for secure communications.

This security measure will most likely affect the loading of image URLs that Personalization has provided. Therefore, it is best to test the loading of images within the app to determine whether or not it is necessary to make an exception for your image server.

It may be challenging to determine whether or not App Transport Security is rejecting the loading of images. The only sign would be a UIImageView not displaying a UIImage. You may see errors in your console output that reference ATS directly. To determine whether the image data is loaded correctly, it is best to put a breakpoint in the campaign handler.

Apple does offer a way to configure ATS from within your Info.plist file. You can exempt specific domains from ATS by using NSExceptionDomains. For information on making domain exceptions, refer to the Apple Cocoa Keys documentation on NSAppTransportSecurity.
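
The following added example (not part of the original documentation) shows a constructed Info.plist that keeps ATS on and exempts only a hypothetical image host, images.example.com, next to the broad NSAllowsArbitraryLoads opt-out, with a small check a build pipeline could run to catch exceptions wider than intended. The host name and the audit_ats helper are assumptions; the plist keys are Apple's documented ATS keys.

```python
import plistlib

# Constructed Info.plist: ATS stays on globally; only the (hypothetical)
# image host images.example.com may be loaded over plain HTTP.
SCOPED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>images.example.com</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <true/>
        <key>NSIncludesSubdomains</key>
        <false/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>"""

# Constructed counter-example: disables ATS for every connection the app makes.
BROAD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
  </dict>
</dict>
</plist>"""


def audit_ats(plist_bytes, allowed_hosts):
    """Return findings for ATS settings wider than the allowed_hosts set."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("NSAllowsArbitraryLoads disables ATS app-wide")
    for host, opts in ats.get("NSExceptionDomains", {}).items():
        if host not in allowed_hosts:
            findings.append(f"unexpected exception domain: {host}")
        if opts.get("NSExceptionAllowsInsecureHTTPLoads") and opts.get("NSIncludesSubdomains"):
            findings.append(f"{host}: insecure HTTP also allowed for all subdomains")
    return findings
```

Pass the bytes of the app's real Info.plist and the set of hosts you have agreed to exempt; an empty list means the file contains no exception beyond those hosts.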