Monday, 19 September 2016

iOS Overview: How to Create Local Notifications in iOS10

How to Create Local Notifications in iOS10

From iOS 10 onwards, Apple deprecated UILocalNotification. We need to use UNNotificationRequest instead.

UNNotificationRequest is defined in the UserNotifications framework. It consists of the following two objects or properties.

(a) UNNotificationContent
It defines the contents of the notification. For local notifications, create a UNMutableNotificationContent object and configure the contents of that object instead.

(b) UNNotificationTrigger
This is for defining an event that triggers the delivery of the notification.

Before triggering a notification, the first thing the app should do is request authorization for user interactions. The first time your app requests authorization, the user is alerted and given an opportunity to deny or grant that authorization.


Requesting authorization for user interactions in Objective C




Requesting authorization for user interactions in Swift




Creating a simple local notification in Objective C




Creating a simple local notification in Swift




Once the notification is triggered and the application is in the background, the notification UI will pop up with a sound.





Monday, 13 June 2016

iOS App Transport Security features in detail

What is App Transport Security?

From iOS 9.0 and OS X 10.11 onwards, Apple introduced a security feature called App Transport Security (ATS), which is enabled in apps by default. When ATS is enabled, apps support only HTTPS connections to web servers; HTTP connections fail with the following error in the console.

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

To enable HTTP connections, we need to configure the following keys in the app's Info.plist file. This disables ATS, and HTTP connections will work as expected.

      <key>NSAppTransportSecurity</key>
      <dict>
           <key>NSAllowsArbitraryLoads</key><true/>
      </dict>


ATS is enabled by default in the NSURLSession class and its APIs. The older NSURLConnection class also enforces ATS when you link against the iOS 9.0 SDK or later.

If we link our app against an SDK older than iOS 9.0, ATS is disabled and the NSAppTransportSecurity key is ignored.

With ATS, Apple addresses the following security concerns.

  1. HTTP will be disabled by default
  2. HTTPS is not strong enough
  3. HTTPS must have “forward secrecy enabled”

There are some requirements to completely support ATS.

  • The App HTTP connections must use HTTPS.
  • The Transport Layer Security version must be TLS 1.2
  • TLS connection cipher suite must support forward secrecy (FS)
  • The leaf certificate must be signed with either an RSA key with a length of 2048 bits or an ECC key with a size of at least 256 bits


Depending on the web servers and their capabilities, we can have different configurations in the app's Info.plist file.


For example:
To support ATS generally but allow HTTP connections to a specific server that does not support HTTPS, we can use the following config.


NSAppTransportSecurity
    NSExceptionDomains
        "media-server.example.com"
            NSExceptionAllowsInsecureHTTPLoads = YES


To use a secure connection to a web server that uses an older version of TLS and does not support forward secrecy, we can use the following config.


NSAppTransportSecurity
    NSExceptionDomains
        "less-secure.example.com"
            NSExceptionRequiresForwardSecrecy = NO
            NSExceptionMinimumTLSVersion = "TLSv1.0"


To support ATS connections to the domains that we control, while allowing HTTP connections to all other URLs, we can use the following config.


NSAppTransportSecurity
    NSExceptionDomains
        "domain-i-control.example.com"
            NSExceptionAllowsInsecureHTTPLoads = NO
            NSExceptionRequiresForwardSecrecy = YES
            NSExceptionMinimumTLSVersion = "TLSv1.2"
        "other-domain-i-control.example.com"
            NSExceptionAllowsInsecureHTTPLoads = NO
            NSExceptionRequiresForwardSecrecy = YES
            NSExceptionMinimumTLSVersion = "TLSv1.2"
    NSAllowsArbitraryLoads = YES


Debugging ATS Connections

1. The first option for debugging a network problem is a packet sniffing tool such as Burp Suite. (refer: https://portswigger.net/burp/)
2. On a Mac we can also use built-in tools such as tcpdump. To debug high-level protocols such as HTTP we can use tcpflow.

To install tcpflow use the following link.
http://macappstore.org/tcpflow/

3. To do iOS packet tracing, we can use the “Remote Virtual Interface”. Please refer to the following link.
4. If ATS is in use, the data will not be directly visible in the above packet sniffing tools. We need to use “CFNetwork Diagnostic Logging”.

Please refer to the link
https://developer.apple.com/library/ios/qa/qa1887/_index.html#//apple_ref/doc/uid/DTS40015177

5. In some cases it's useful to connect to a server and issue it commands for testing purposes. If the protocol being used is TLS, your best option is the s_client subcommand of the openssl tool. An example command is given below.

openssl s_client -connect www.apple.com:443

Please refer: https://developer.apple.com/library/ios/technotes/tn2232/_index.html#//apple_ref/doc/uid/DTS40012884

6. Using the nscurl tool to diagnose ATS Connection Issues

In OS X v10.11 and later, you can use the /usr/bin/nscurl tool to help diagnose connection issues due to App Transport Security.

The command line is:

/usr/bin/nscurl --ats-diagnostics https://apple.com


Most of the above content is drawn from the following Apple technical documentation.

https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html