Master iOS 9: Secure Your App with ATS and Shrink It with App Thinning

This article explains iOS 9's App Transport Security and App Thinning features, detailing how to configure ATS, use nscurl for diagnostics, and apply App Thinning mechanisms such as Slicing, On‑Demand Resources, and Bitcode to improve security and reduce app size.

Tencent TDS Service

After the Apple fall event, iOS 9 GM was released and developers need to ensure their apps are compatible with the new system.

The article focuses on two important iOS 9 features: App Transport Security (ATS) and App Thinning.

App Transport Security

App Transport Security is a feature that improves the security of connections between an app and web services by enforcing best‑practice TLS requirements.

When ATS is enabled, all network requests are forced to use HTTPS and must meet several criteria:

TLS version 1.2 or higher
Cipher suites must support Forward Secrecy
Certificates must use ATS‑approved signing algorithms

Developers can verify their server configuration with the nscurl command:

$ nscurl --verbose --ats-diagnostics https://<your_server_domain>

ATS can be disabled or relaxed by adding NSAppTransportSecurity entries to the app’s Info.plist. Common keys include:

NSAllowsArbitraryLoads
NSExceptionDomains
NSExceptionMinimumTLSVersion
NSExceptionRequiresForwardSecrecy
NSExceptionAllowsInsecureHTTPLoads
NSThirdPartyExceptionMinimumTLSVersion
NSThirdPartyExceptionRequiresForwardSecrecy
NSThirdPartyExceptionAllowsInsecureHTTPLoads

Examples:

Disable ATS completely:

<key>NSAppTransportSecurity</key>
<dict>
   <key>NSAllowsArbitraryLoads</key>
   <true/>
</dict>

Disable ATS for a specific domain:

<key>NSAppTransportSecurity</key>
<dict>
   <key>NSExceptionDomains</key>
   <dict>
      <key>mine.test.com</key>
      <dict>
         <!-- true permits plain-HTTP loads for this domain only; false is the ATS default -->
         <key>NSExceptionAllowsInsecureHTTPLoads</key>
         <true/>
      </dict>
   </dict>
</dict>

Modify ATS requirements for a domain:

<key>NSAppTransportSecurity</key>
<dict>
   <key>NSExceptionDomains</key>
   <dict>
      <key>mime.test.com</key>
      <dict>
         <key>NSExceptionAllowsInsecureHTTPLoads</key>
         <false/>
      </dict>
      <key>third.test.com</key>
      <dict>
         <key>NSThirdPartyExceptionMinimumTLSVersion</key>
         <string>TLSv1.1</string>
         <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
         <false/>
      </dict>
   </dict>
</dict>
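
The exceptions above are worth auditing before release. The following is an added example, not code from the original article: it parses an Info.plist and reports every NSAppTransportSecurity entry that weakens the ATS defaults. The sample plist is constructed, and the names audit_ats and SAMPLE_INFO_PLIST are hypothetical.

```python
import plistlib

ATS_MIN_TLS = (1, 2)  # ATS default: TLS 1.2 or higher

# Constructed sample combining the per-domain exceptions shown in the article.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>mine.test.com</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
      <key>third.test.com</key>
      <dict>
        <key>NSThirdPartyExceptionMinimumTLSVersion</key><string>TLSv1.1</string>
        <key>NSThirdPartyExceptionRequiresForwardSecrecy</key><false/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

def _tls(value):
    """Turn 'TLSv1.1' (or a bare '1.1') into (1, 1) for comparison."""
    return tuple(int(p) for p in str(value).upper().replace("TLSV", "").split("."))

def audit_ats(plist_bytes):
    """Return sorted (scope, key, value) findings that weaken ATS; '*' means app-wide."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("*", "NSAllowsArbitraryLoads", True))
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        for key, value in rules.items():
            # endswith() covers both the NSException* and NSThirdPartyException* spellings
            if key.endswith("AllowsInsecureHTTPLoads") and value is True:
                findings.append((domain, key, value))
            elif key.endswith("RequiresForwardSecrecy") and value is False:
                findings.append((domain, key, value))
            elif key.endswith("MinimumTLSVersion") and _tls(value) < ATS_MIN_TLS:
                findings.append((domain, key, value))
    return sorted(findings, key=lambda f: (f[0], f[1]))

if __name__ == "__main__":
    for scope, key, value in audit_ats(SAMPLE_INFO_PLIST):
        print(f"{scope}: {key} = {value}")
```

An empty result means the plist leaves ATS at its defaults; any finding is an exception that should have a documented reason.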

App Thinning

The App Store and the OS optimize iOS and watchOS app installation by delivering only the resources needed for the specific device, reducing footprint and improving download speed.

App Thinning consists of three mechanisms:

Slicing: After uploading an app bundle, Apple creates device‑specific variants so each device receives only the assets it needs.

On‑Demand Resources (ODR): Developers tag resources; the system downloads them when required and can purge them when storage is low.

Bitcode: When enabled, developers upload an intermediate representation; Apple compiles device‑specific binaries on the fly, supporting future hardware without a new release.

Enabling Bitcode requires that all third‑party libraries also provide Bitcode builds, and it may increase the size of the intermediate .app bundle and affect symbolication.

Overall, iOS 9’s ATS and App Thinning features enhance security and user experience, and developers should consider them during app compatibility work.
