KB-1272 Apple enforcing App Transport Security (ATS) starting 1 January 2017

Change

During a security presentation at Apple’s Worldwide Developers’ Conference 2016, Apple announced that App Transport Security (ATS) will be required for all iOS apps as of 1 January 2017.

ATS enforces best practices for secure network connections, notably TLS 1.2 and perfect forward secrecy (PFS).

More information about Apple's requirements for ATS can be found here.

Impact

There are two primary areas of impact if no action is taken:

  1. Connectivity to Appian sites
    • All self-managed customers, who have Appian sites that do not comply with ATS, will not be able to connect to their sites from any Appian app for iOS.
    • Appian Cloud customers should be unaffected by this change.
  2. Application components integrating with non-ATS compliant services:
    • Appian applications integrating with external services must also abide by ATS requirements. Failure to do so will cause applications to break.
    • This affects both self-managed as well as Appian Cloud customers.
    • As an example, if you look at the SAIL expression below it links to an image where the source uses http. iOS will block access to the http resource, causing the component to break:
      =a!imageField( label: "ImageField Example", images: { a!webImage( source: "http://i.imgur.com/4tf4Cmo.png" )} ) 

To check whether your site will be impacted by ATS, Appian is providing a preview release of the iOS App that has ATS enabled for testing purposes. In order to download the preview App, please contact Appian Technical Support either through support case or at support@appian.com.

Test Your Site's Compliance

On a Mac running Mac OSX 10.11 El Capitan or later, you can test your site’s complaince with Apple’s ATS standards by running the command:

nscurl --verbose --ats-diagnostics <your_site_url> 

The output of this command will inform you which ATS specifications, if any, your site is violating.

Affected Versions

All public versions of the Appian app for iOS distributed after 1 January 2017 will have ATS enabled. Please ensure that your infrastructure complies with Apple’s guidelines for ATS so that your sites and applications are not affected by this change.

For customers using custom branded Appian iOS mobile applications, any applications distributed on or before 31 December 2016 will be unaffected. However, ATS must be enabled for Apps that are distributed post 1 January 2017.

If you have any additional questions, please contact Appian Technical Support either through support case or at support@appian.com.

Last Reviewed: March 2017

Related
Recommended