忙しい人のためのApp Transport Security

Transcript

1. { } try! Swift ๩͍͠ਓͷͨΊͷ App Transport Security Tokyo 2017

2. @ niwatako

3. None

4. { } try! Swift Kyoto
 ژ౎

5. None
6. None

7. MacBook Gold

8. None

9. { } try! Swift ๩͍͠ਓͷͨΊͷ App Transport Security Tokyo 2017

10. App Transport Security Enforcement

11. App Transport Security

12. σϑΥϧτͰ༗ޮ

13. App Transport Security Safe HTTPS Unsafe HTTPS HTTP ❌ ❌

14. https • different? Safe HTTPS Unsafe HTTPS

15. https • different? • Hash algorithm • Digital sign •

    Encryption • … Safe HTTPS Unsafe HTTPS

16. > What’s is the “Safe HTTPS” ? ( ɾωɾ)ͬ Information

    Property List Key Reference https://developer.apple.com/library/prerelease/content/ documentation/General/Reference/InfoPlistKeyReference/Articles/ CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW57

17. $ nscurl --ats-diagnostics https://apple.com/

18. $ nscurl --ats-diagnostics https://apple.com/ Default ATS Secure Connection --- ATS

    Default Connection Result : PASS ---

19. $ nscurl --ats-diagnostics https://swift.org/ Default ATS Secure Connection --- ATS

    Default Connection 2017-03-03 09:53:51.924 nscurl[82267:6343870] N NSURLConnection HTTP load failed (kCFStreamErro Result : FAIL ---

20. Want to connect HTTP? Safe HTTPS HTTP ❌ ❌ Unsafe

    HTTPS

21. NSAllowsArbitraryLoads Safe HTTPS HTTP Unsafe HTTPS

22. NSExceptionDomains Safe HTTPS HTTP ❌ ❌ Unsafe HTTPS hatena.ne.jp hatena.ne.jp

    swift.org

23. New ATS Options

24. • NSAllowsArbitraryLoadsForMedia App Transport SecurityͷͨΊͷΦϓγϣϯ

25. • NSAllowsArbitraryLoadsForMedia • NSAllowsArbitraryLoadsInWebContent App Transport SecurityͷͨΊͷΦϓγϣϯ

26. • NSAllowsArbitraryLoadsForMedia • NSAllowsArbitraryLoadsInWebContent • NSAllowsLocalNetworking App Transport SecurityͷͨΊͷΦϓγϣϯ

27. • NSAllowsArbitraryLoadsForMedia • NSAllowsArbitraryLoadsInWebContent • NSAllowsLocalNetworking App Transport SecurityͷͨΊͷΦϓγϣϯ

28. None

29. NSAllowsArbitraryLoadsInWebContent

30. NSAllowsArbitraryLoadsInWebContent WK: WebViewɺUI: UIWebViewɺNS: NSURLSession WK UI NS Safe HTTPS

    HTTP Unsafe HTTPS WK UI NS WK UI NS

31. ATSɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹ ATS ɹɹɹɹɹɹɹɹɹ WK UI NS Safe HTTPS HTTP Unsafe

    HTTPS WK UI NS WK UI NS ATS

32. NSAllowsArbitraryLoads WK UI NS Safe HTTPS HTTP Unsafe HTTPS WK

    UI NS WK UI NS

33. … ATSɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹ ATS ɹɹɹɹɹɹɹɹɹ WK UI NS Safe HTTPS HTTP

    Unsafe HTTPS WK UI NS WK UI NS

34. NSAllowsArbitraryLoadsInWebContent (iOS10.0) WK UI NS Safe HTTPS HTTP Unsafe HTTPS

    WK UI NS WK UI NS ATS ɹɹɹɹɹɹɹɹɹ

35. WK UI NS Safe HTTPS HTTP Unsafe HTTPS WK UI

    NS WK UI NS ATS ɹɹɹɹɹɹɹɹɹ NSAllowsArbitraryLoadsInWebContent (iOS10.0)

36. NSAllowsArbitraryLoadsInWebContent (iOS10.0) WK UI NS Safe HTTPS HTTP Unsafe HTTPS

    WK UI NS WK UI NS ATS ɹɹɹɹɹɹɹɹɹ

37. WK UI NS Safe HTTPS HTTP Unsafe HTTPS WK UI

    NS WK UI NS iOS10.2ʙ NSAllowsArbitraryLoadsInWebContent (iOS10.2) ATS ɹɹɹɹɹɹɹɹɹ ATS

38. NSAllowsArbitraryLoadsInWebContent (iOS10.2) Bug… WK UI NS Safe HTTPS HTTP Unsafe

    HTTPS WK UI NS WK UI NS ATS ɹɹɹɹɹɹɹɹɹ ATS

39. NSAllowsHTTPLoadsInWebContent NSAllowsArbitraryLoadsInWebContent

40. None

41. WK UI NS Safe HTTPS HTTP Unsafe HTTPS WK UI

    NS WK UI NS ATS ɹɹɹɹɹɹɹɹɹ NSAllowsArbitraryLoadsInWebContent (iOS10.0)

42. WK UI NS Safe HTTPS HTTP Unsafe HTTPS WK UI

    NS WK UI NS iOS10.2ʙ NSAllowsArbitraryLoadsInWebContent (iOS10.2) ATS ɹɹɹɹɹɹɹɹɹ ATS

43. Required by App Store at end of 2016

44. Required by App Store at end of 2016 Ԇظ

45. Let's use
 NSAllowsArbitraryLoads


46. Important Things About ATS • There are cases that it

    does not work properly. • You should to check 
 both the specification and the actual behavior. • Behaviors are different between minor versions.