1

I am developing an application in iOS. For my development I am using Xcode beta7. Before, I used to test my app in my mobile with iOS 8.4 after updating to iOS 9, I can't install the same app in my mobile. Please give me some suggestions. Big thanks!

zaph
  • 111,848
  • 21
  • 189
  • 228
Ankam
  • 25
  • 6
  • 1
    Can't install how, by running within Xcode? What happens. More info, More info. – Gruntcakes Sep 18 '15 at 19:11
  • I am sorry for my previous post. A small change: I can install the app but I can't retrieve the data in my mobile. It showing the error: **Could not launch "my app", process launch failed security** in Xcode. before in iOS 8.4 I can see the the data now it's showing empty in iOS 9. – Ankam Sep 18 '15 at 19:26
  • Try this http://stackoverflow.com/questions/25824908/xcode-process-launch-failed-security – Gruntcakes Sep 18 '15 at 19:33
  • By "can't retrieve the data" does that mean from a http request? – zaph Sep 18 '15 at 19:48
  • Yes, I can retrieve the data in Android, but not in iOS 9. – Ankam Sep 18 '15 at 19:50
  • Yes it is http connection. I am using AWS server. About my application: I have MS word file in server (Amazon web services). I able to see the data in Android mobile but I can't retrieve the data in my iphone 5 (iOS 9). before in iOS 8.4 I can see the data now it's showing empty in iOS 9. Any suggestions please. Thank you in advance! – Ankam Sep 18 '15 at 20:13

3 Answers3

1

Add this line to your .plist file: enter image description here

Source:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>yoursite.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

Workaround, edited because shouldn't be used. Secure your data

lukeswitz
  • 553
  • 4
  • 14
  • If only a singlr domain is being accessed that is overkill. – zaph Sep 18 '15 at 20:25
  • Thanks for your suggestions, Well, I had made changes in info.plist. Still I am getting error. I unable to retrieve the data...:( – Ankam Sep 19 '15 at 20:47
0

From the initially minimal question information the problem is probably a failing http request to a server that does not meet current security best practices.

iOS9 now by default requires a server to support https with TLS 1.2, forward security and secure encryption methods.

From: App Transport Security Technote

Default Behavior:
All connections using the NSURLConnection, CFURL, or NSURLSession APIs use App Transport Security default behavior in apps built for iOS 9.0 or later, and OS X 10.11 or later. Connections that do not follow the requirements will fail.

The solution is to up date the server to https TLS 1.2 and forward security. Also only supporting the encryption method in the above Security Technote.

Another solution is to whitelist the url on the app plist or even if necessary allow all http connections. This reduces the connection security, the best approach is to update the server.

If necessary all URLs can be allowed, this is usually only needed when the URLs to be accessed are not known, perhaps user supplied or there are a large number of known URLs.

To disable security for all URLs add this to the app's plist file:
(not recommended) unless you really need to access unknown URLs

<key>NSAppTransportSecurity</key>  
     <dict>  
          <key>NSAllowsArbitraryLoads</key><YES/>  
     </dict>

To disable security for a single URLs (and sub URLs) add this to the app's plist file (change "yourdomain.com to the correct URL":

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>yourdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

Apple supplied information about this several places:

There was the WWDC 2015 session 706 that described as well as the release notes: What's New in iOS iOS 9.0. I believe it was also mentioned in the WWDC keynote.

Also see this SO Answer: About ATS SSL in iOS 9 release version.

Community
  • 1
  • 1
zaph
  • 111,848
  • 21
  • 189
  • 228
  • About my application: I have MS word file in server (Amazon web services). I able to see the data in Android mobile but I can't retrieve the data in my iphone 5 (iOS 9). before in iOS 8.4 I can see the data now it's showing empty in iOS 9. Any suggestions please. – Ankam Sep 18 '15 at 20:11
  • Yes, see the links in the answer. You need to add a plist entry to allow iOS9 to accept poor security. Without that iOS9 will not make the request because the site does not meet current security best practices. – zaph Sep 18 '15 at 20:17
  • Thanks for your information, I have made changes to Info.plist, even though I am unable to retrieve the data from server. can you please tell me in detail how to change **Domain.com** to correct URL. Thanks a lot..! – Ankam Sep 19 '15 at 21:25
  • In place of "yourdomain.com" put the server domain. Here is the bad news, there is a lot to learn about network communications even limiting that to http/https. Now might be a good time to start studying. – zaph Sep 20 '15 at 19:51
  • Correct and safest answer. – lukeswitz Sep 21 '15 at 00:15
0

Be sure to set NSAppTransportSecurity for compatibility.

See: How can I add NSAppTransportSecurity to my info.plist file?

Community
  • 1
  • 1
Francois Robert
  • 556
  • 10
  • 14