App Transport Security difficult to work with when working with IP addresses on the local network
| Originator: | joshavant | | |
| Number: | rdar://23249269 | Date Originated: | 24-Oct-2015 04:32 PM |
| Status: | Open | Resolved: | |
| Product: | iOS SDK | Product Version: | |
| Classification: | Enhancement | Reproducible: | Always |
Summary:
I'm working with hardware on the local network that's discovered at runtime using either NSNetServiceBrowser or SSDP. This hardware communicates using unencrypted HTTP, meaning it's blocked by default by App Transport Security. There doesn't appear to be a good way of whitelisting said devices using ATS.

Steps to Reproduce:
1. In the default configuration, try to connect to an HTTP service running on the local network.
2. See that it's blocked by App Transport Security by default.
3. Attempt to whitelist the service in a sensible way using the NSAppTransportSecurity family of Info.plist keys.

Expected Results:
I'd expect there to be a way to whitelist IP blocks for e.g. local networks. This way, I could whitelist the following:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
…and still keep App Transport Security for connections to the outside world.

Actual Results:
It's impossible to whitelist services on the local network. The only way I've been able to get around this is to completely disable App Transport Security for my application using NSAllowsArbitraryLoads: YES.

Version:
iOS 9.1

Notes:

Configuration:
iPhone 6s

Attachments:
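
Added example, not part of the original radar: the Info.plist forms at issue in this report, with the blanket workaround the reporter describes beside two narrower ones. It assumes a constructed hostname `mydevice.local`, and for variant C a deployment target of iOS 10 or later, since NSAllowsLocalNetworking is a key Apple introduced after this report was filed.

```xml
<!-- Use ONE of the following NSAppTransportSecurity entries in Info.plist. -->

<!-- Variant A: the workaround from the report. ATS is disabled for every
     connection the app makes, including those to the outside world. -->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

<!-- Variant B: the existing hostname support. Plain HTTP is allowed only
     for a name known at build time (mydevice.local is a constructed
     example). Numeric IP addresses cannot be listed here, which is the
     gap the report describes. -->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>mydevice.local</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

<!-- Variant C (assumes iOS 10 or later): Apple's documentation describes
     this key as permitting loads from unqualified names, .local names and
     IP addresses, while ATS stays enforced for other hosts. -->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsLocalNetworking</key>
    <true/>
</dict>
```

Variant C does not take CIDR blocks such as 10.0.0.0/8, so it is not the per-range whitelist requested above; it is the closest setting that leaves ATS on for named internet hosts.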
Comments
Josh Avant, 03-Nov-2015 03:19 PM
Sorry, I actually do not have any logs to provide, since I'm actually just duping an OpenRadar bug that is requesting the same feature changes I'd like to see.
(I duped the bug because I expected it helps ADR with their own internal bookkeeping. Hopefully that's really the case?)
In any case, consider this a request to add IP address whitelisting support to ATS, in addition to the existing hostname support (especially for local IP networks, to support the development process and connecting to local development servers).
Apple Developer Relations, 03-Nov-2015 12:47 PM
Engineering has requested the following information regarding your bug report:
Please provide an iOS sysdiagnose.
iOS sysdiagnose Instructions.
While you're experiencing the reported issue:
Note: The file in the sysdiagnose folder will look similar to: "sysdiagnose_YYYY.MM.DD_HH-MM-SS-XXXX.tar.gz"
Log locations:
OS X:
~/Library/Logs/CrashReporter/MobileDevice/[Your Device Name]/DiagnosticLogs/sysdiagnose/
Note: "~/" is your user folder, or /Users/[your_user_name_here]/Library/Logs/..., not the root level /Library/Logs/... path
Windows 8:
C:\Users\[Your User Name]\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\[Your Device Name]\DiagnosticLogs\sysdiagnose\
Note: The AppData folder is hidden by default. Click the View menu item and check the "Hidden items" checkbox and AppData will appear in the list.
Windows 7 and Vista:
C:\Users\[Your User Name]\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\[Your Device Name]\DiagnosticLogs\sysdiagnose\
Note: The AppData folder is hidden by default. Choose Folder and Search Options from the Organize menu in the file browser window, then click the View tab and change the "Hidden files and folders" option to "Show hidden files and folders".
Windows XP:
C:\Documents and Settings\[Your User Name]\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\[Your Device Name]\DiagnosticLogs\sysdiagnose\
Note: The Application Data folder is hidden by default. Choose Tools > Folder Options in the file browser window, then click the View tab and change the "Hidden files and folders" option to "Show hidden files and folders".
Apple Developer Relations, 03-Nov-2015 12:47 PM
Engineering has requested Wi-Fi logs in order to further investigate this issue.
Wi-Fi Logging Instructions: https://developer.apple.com/bug-reporting/ios/wifi/