question

João Xavier avatar image
João Xavier asked

iOS - App Transport Security with Custom Game Servers

Apple's policy on App Transport Security dictates that all apps submitted to the App Store from December 2016 onwards will be rejected if they use the "popular hack" to allow every remote network call, which was setting the NSAllowsArbitraryLoads flag to YES.

Whereas it is no problem to allow exceptions for our current PlayFab title, because we use the Custom Game Server provided by PlayFab, we don't have control / knowledge about the domain the server will be created on.

How should we set up the exceptions in our iOS client so that it correctly allows connections to PlayFab's game servers?

Custom Game Servers
3 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

istvanvoros88 avatar image istvanvoros88 commented ·

Is there any news on this?

0 Likes 0 ·
glen avatar image glen commented ·

Would be great to get some news on this.

0 Likes 0 ·
brendan avatar image brendan glen commented ·

I couldn't agree more, but we're at the mercy of Apple at the moment. We've asked for an update on the specific impact this has to games, given their needs, and have re-pinged on this. As soon as we know more, we'll be updating this thread.

0 Likes 0 ·

1 Answer

·
brendan avatar image
brendan answered

We're reaching out to Apple to get a clear answer to exactly that. Custom game servers - whether hosted with us or elsewhere - cannot be defined by a simple DNS entry and usually do not have an easily defined list of IP Addresses. As such, the current definition of ATS appears to not allow titles to connect to most types of dedicated game servers. This is puzzling, as services like Xbox Live and PlayStation Network have long since demonstrated how to build a system for allowing a known-good source to "register" servers for secure connections, and I would expect Apple to offer the same feature. Once we have feedback from them on how this will be enabled for iOS devices, we'll update.

7 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

João Xavier avatar image João Xavier commented ·

Thank you! Will stay tuned for updates on this.

0 Likes 0 ·
brendan avatar image brendan João Xavier commented ·

Unfortunately, our key Apple rep is delayed due to Gamescom, so it's going to be a little while until we hear back.

0 Likes 0 ·
brendan avatar image brendan commented ·

Just so everyone knows, where we are with this is that our Apple rep said that games are not exempt, but there's been no clarification from them yet on how titles are supposed to work with custom game server connections. We've clarified this point for them - that unlike Web API calls, custom game servers usually require lower-latency connections (usually UDP or rUDP), and that this is not compatible with what they've described to date. We'll let you know when we hear more on this.

0 Likes 0 ·
glen avatar image glen brendan commented ·

Thanks for the update Brendan!

0 Likes 0 ·
brendan avatar image brendan commented ·

They got back much more quickly this time. Apparently, they don't have the details to answer this question yet, and are working on a communication plan. It sounds like it's a few weeks out.

0 Likes 0 ·
dragonfoundry avatar image dragonfoundry brendan commented ·

Last thing I saw on this from someone at Apple was: "Right now ATS is only enforced by our high-level APIs (NSURLSession, NSURLConnection, and anything layered on top of those), and there’s been no announcements about that changing."

Since most games are direct socket connections, and don't use the HTTP/HTTPS layers, I'm hoping we might be ok here.

0 Likes 0 ·
brendan avatar image brendan dragonfoundry commented ·

Exactly - and that's pretty much what I told them. It sounds like the problem is that this hasn't been clarified internally, so they're not willing to say yea or nay.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.