I used the SSH approach method in the post https://developer.apple.com/forums/thread/703234 to add TLS trust for the local accessory device with a self signed certificate. In the Info.plist, I disabled App Transport Security for local networking by setting the NSAllowsLocalNetworking property, as mentioned in the post. However, I am still encountering the following SSL error: ATS failed system trust Connection 3: system TLS Trust evaluation failed(-9802) Connection 3: TLS Trust encountered error 3:-9802 Connection 3: encountered error(3:-9802) Task <9432C2C5-C7A1-44E4-95CC-2AFA49D6C501>.<1> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802]) Task <9432C2C5-C7A1-44E4-95CC-2AFA49D6C501>.<1> finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3 In the code everything is working fine. The certificates are compared and CFEqual(expected, actual), is returning true. Also in urlSession delegate method , the return completionHandler(.useCredential, credential) is returned. When I disable ATS in Info.plist by setting NSAllowsArbitraryLoads, it works fine. I have the following questions: Should I disable ATS by setting NSAllowsArbitraryLoads along with setting ? Instead of accepting the server certificate for the first time and saving it in the app, why can’t we embed the self-signed certificate in the app directly and use it for comparison?

Hi, Our organization has an app that serves as the remote control for an IoT device. The app is free, with no in-app purchases. Any person who purchases the IoT device can use the app for free to set up the device. Can I opt for non-trader status for the app?

Hi, I want to implement FIDO based biometric authentication in our app. I don't want to use passkeys because they are only compatible with iOS 16 and higher. Is there a way to use it through the SFSafariViewController, a web view, ASWebAuthenticationSession or any another method?

Hi, Is it possible to programatically connect to saved network without password?. Is there any NEHotspotConfigurationManager configuration available for the same?.

Hi, When app is not running and user disable the push notification from app settings, how the app can identify this permission change? When user launch the app for next time the permission can be checked. But is there a way to identify without relaunching the app? Also how APNS is identifying this permission change or is this happening at device level?

Hi, I need to submit an app which uses biometric and email verification for sign in. What should be provided for the Sign-In Information when submitting this app for review? The review team cannot sign in to this account even though I provide a username since email and biometric verification are required. Will the review team create accounts and test them?

My app connects to an accessory via the hotspot provided by the accessory. This Wifi has no internet connection. Also app uses web WKWEBView to load UI So when the mobile data is on, even though the wifi is connected priority is for mobile Data. All the local request that is sent to the accessory is failing. Is there a way to force the WKWebView or app to use WIFI over cellular?

Hi, My app connects to an accessory via the hotspot provided by the accessory. This Wifi has no internet connection. So when the mobile data is on, even though the wifi is connected priority is for mobile Data. All the local request that is sent to the accessory is failing. Is there a way to prioritise Wifi over mobile data ?. Is there a way to turn off mobile data programatically ?. How to handle this situation?

Hi, In our project we have a device which will provide a secure access point(wifi and ethernet) and it is using a 802.1x Radius server authentication system. In order for the iOS devices to be network trusted in 802.1X, the root and intermediate CAs must be installed in iOS device. How can this be done programmatically in swift without sharing the user a link with the trusted certificate to the iOS devices and asking user to manually trust it from Certificate Trust Settings. Can I add the certificate to the list of trusted anchors using SecTrustSetAnchorCertificates(_: _:).

My app is using a self signed certificate and we are planning to use the same in production. To avoid asking user to install the certificate manually, can I add the certificate to the list of trusted anchors using SecTrustSetAnchorCertificates(_: _:). Is this a correct approach ? Please find the code below:   func addAnchorToTrust(trust: SecTrust, certificate: SecCertificate) -> SecTrust {         let array: NSMutableArray = NSMutableArray()         array.add(certificate)         SecTrustSetAnchorCertificates(trust, array)         return trust     }     func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {         guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust, let serverTrust = challenge.protectionSpace.serverTrust else {             completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)             return         }         let filePath = Bundle.main.path(forResource: "httpsPublicCertificate", ofType: "cer")         guard let file = filePath, let savedCertificateData = NSData(contentsOfFile: file), let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, savedCertificateData) else {             completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)             return         }         let sslInput = addAnchorToTrust(trust: serverTrust, certificate: rootCert)         var result: SecTrustResultType = SecTrustResultType.unspecified         let error: OSStatus = SecTrustEvaluate(sslInput, &result)         if (error != 0){             completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)             return         }         guard self.validate(trust: serverTrust, with: SecPolicyCreateBasicX509()), let serverCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0)         else {             completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)             return         }         let serverCertificateData = SecCertificateCopyData(serverCertificate)         let serverCertificateDataPtr = CFDataGetBytePtr(serverCertificateData);         let serverCertificateDataSize = CFDataGetLength(serverCertificateData);         let serverCertificateNSData = NSData(bytes: serverCertificateDataPtr, length: serverCertificateDataSize)         if serverCertificateNSData.isEqual(to: savedCertificateData as Data) {             completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust:serverTrust))             return         }     }     private func validate(trust: SecTrust, with policy: SecPolicy) -> Bool {         let status = SecTrustSetPolicies(trust, policy)         guard status == errSecSuccess else { return false }         return SecTrustEvaluateWithError(trust, nil)     }

Hi, I am trying to implement SSL socket connection with an android device. I am able to receive the message from android device successfully. But while trying to write data , issue happens. This is my write function func write(message: String) {         let data = message.data(using: .utf8)!         data.withUnsafeBytes {             guard let pointer = $0.baseAddress?.assumingMemoryBound(to: UInt8.self)             else {                 print("Error")                 return             }             self.outputStream?.write(pointer, maxLength: data.count) } } If I send a small string, it is not received at android end. But when I send a large string, say count 30000 char. It will be received at android side. But first two characters will be lost. Below is my connect function: var inputStream: InputStream? var outputStream: OutputStream? var inputDelegate: StreamDelegate? var outputDelegate: StreamDelegate? func connect(host: String, port: Int) { Stream.getStreamsToHost(withName:host, port: 8443, inputStream: &inputStream, outputStream: &outputStream)         inputDelegate = self         outputDelegate = self         inputStream!.delegate = inputDelegate         outputStream!.delegate = outputDelegate         inputStream!.schedule(in:RunLoop.main, forMode: .default)         outputStream!.schedule(in:RunLoop.main, forMode: .default)      inputStream!.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey:  Stream.PropertyKey.socketSecurityLevelKey)   outputStream!.setProperty(kCFStreamSocketSecurityLevelNegotiatedSSL, forKey: Stream.PropertyKey.socketSecurityLevelKey)         let sslSettings : [NSString: Any] = [             NSString(format: kCFStreamSSLValidatesCertificateChain): kCFBooleanFalse,             NSString(format: kCFStreamSSLPeerName): kCFNull,             NSString(format: kCFStreamSSLIsServer): kCFBooleanFalse         ]         inputStream!.setProperty(sslSettings, forKey:  kCFStreamPropertySSLSettings as Stream.PropertyKey)         outputStream!.setProperty(sslSettings, forKey: kCFStreamPropertySSLSettings as Stream.PropertyKey)         inputStream!.open()         outputStream!.open()     }      Please help to debug the issue.