DEMO1_IOS9 Network Adaptation _ Switch to more secure HTTPS
IOS9 all HTTP requests to https: The IOS9 system sends a network request that uses TLS 1.2 SSL uniformly. With the TLS 1.2 protocol, the purpose is to enforce enhanced data access security, and related network requests under the System Foundation framework will no longer default to unsecured network protocols such as Http, and TLS 1.2 is used by default. The server therefore needs to be updated to parse the relevant data. If not updated, you can reverse the unsecured network request by declaring it in Info.plist.
Before the discussion, as usual, first of all, The iOS program apes are most concerned about the problem:
Have a hair relationship with me? Do you need me to work overtime?
First, let's look at the industry's comments on Apple's approach:
This is a social app to discuss, it seems that the industry is still spit sound and affirmation of the sound of the same.
The conclusion is:
I have a relationship with you, work overtime, Junior!
The book "Serious Face", we formally discuss the following what,why,how:
What is SSL/TLS? What is the relationship with HTTP and HTTPS?)
Why (previous HTTP is not also available?) Why use SSL/TLS, idle panic?! Is Apple again anti-human? )
How (How to fit?) ---weak and weak to ask: how long to work overtime? )
What is SSL/TLS? What is the relationship with HTTP and HTTPS?)
As usual, let's start with the conclusion that:
1 |
HTTP+SSL/TLS+TCP = HTTPS |
TLS is a new nickname for SSL. As an example:
"TLS1.0" to "SSL3.1", still "A.D. 2015" in the "Republic of 104", or "1 kilograms" to "one kilogram", or "half catty" to "82": The name is different, but the meaning is the same.
The iteration version after the SSL 3.0 version is renamed to TLS 1.0,
Other words:
So they're a thing, and we often simply see the term "SSL/TLS".
Commonly used are the following:
SSL 2.0
SSL 3.0
TLS 1.0 (SSL 3.1)
TLS 1.1 (SSL 3.1)
TLS 1.2 (SSL 3.1)
So why is the title "using HTTPS" without mentioning SSL and TLS? To understand this, take a look at the next formula:
1 |
HTTP+SSL/TLS+TCP = HTTPS |
For example: If the original HTTP is a plastic pipe, easy to be punctured, then the new design of HTTPS today is like in the original plastic pipe, and then a layer of metal pipe. As a result, the original plastic pipe is still running, and secondly, after being reinforced with metal, it is not easy to be punctured.
Currently, the most widely used is TLS 1.0, followed by SSL 3.0. However, the majority of browsers have implemented TLS 1.2 support.
Apple lets your HTTP use the SSL/TLS protocol, which lets you go from http to https
Why (previous HTTP is not also available?) Why use SSL/TLS, idle panic?! Is Apple again anti-human? )
HTTP communications that do not use SSL/TLS are non-encrypted communications!
All information is transmitted in plaintext, bringing three major risks:
Eavesdropping risk (eavesdropping): Third parties can learn the content of the communication.
Tamper risk (tampering): Third parties may modify the communication content.
Impersonation risk (pretending): A third party can participate in the communication by impersonating another person.
The SSL/TLS protocol is designed to address these three risks and is expected to achieve:
All information is encrypted and third parties cannot eavesdrop.
With the verification mechanism, once tampered with, the communication parties will immediately find.
Equipped with identity card to prevent identity from being impersonated.
How (How to fit?) ---weak and weak to ask: how long to work overtime? )
As the beginning of the article says:
The TLS 1.2 protocol enforces enhanced network requests under the framework of the data access security system Foundation and will no longer default to unsecured network protocols such as Http, with TLS 1.2 being used by default. The server therefore needs to be updated to parse the relevant data. If not updated, you can reverse the unsecured network request by declaring it in Info.plist.
Scenario One: Immediately let the company's server upgrade use TLS 1.2
Scenario Two: Although Apple does not recommend, but can be declared in the Info.plist, back to the insecure network request will still allow the app to access the specified HTTP, or even arbitrary HTTP,
See GIF diagram for a sample demo see Demo1
As the official Apple document says:
The XML source in the Info.plist configuration is as follows:
The above is a more rigorous approach that specifies which specific HTTP can be accessed. Of course, there are violent practices: completely backwards back to unsecured HTTP network requests, can make arbitrary HTTP requests, such as you are developing a browser app, or you want to lazy, or lazy backstage, or the company does not give you to upgrade the server ...
Disclaimer: Currently Apple's official documentation does not mention how to configure the Info.plist, I will closely follow the official documentation, if mentioned, and then update this article.
Demo2_ios9 new Features _ more flexible background positioning
Demo:github Address
"IOS9 on the problem of positioning, there is a bad news a good news" bad news: If not fit iOS9, you can not sneak in the background (without blue bar, see picture)! Good news: This scenario will be allowed: multiple location managers in the same app: some can only be located in the foreground, others can be located in the background, and can be turned on or off in the background of a particular location manager at any time.
If you do not have permission to request background targeting, you can also locate it in the background, but with a blue bar:
How to secretly locate in the background: Request Background Location permissions:
12345678910111213141516171819 |
// 1. 实例化定位管理器
_locationManager = [[CLLocationManager alloc] init];
// 2. 设置代理
_locationManager.delegate = self;
// 3. 定位精度
[_locationManager setDesiredAccuracy:kCLLocationAccuracyBest];
// 4.请求用户权限:分为:?只在前台开启定位?在后台也可定位,
//注意:建议只请求?和?中的一个,如果两个权限都需要,只请求?即可,
//??这样的顺序,将导致bug:第一次启动程序后,系统将只请求?的权限,?的权限系统不会请求,只会在下一次启动应用时请求?
if
([[[UIDevice currentDevice] systemVersion] floatValue] >= 8) {
//[_locationManager requestWhenInUseAuthorization];//?只在前台开启定位
[_locationManager requestAlwaysAuthorization];
//?在后台也可定位
}
// 5.iOS9新特性:将允许出现这种场景:同一app中多个location manager:一些只能在前台定位,另一些可在后台定位(并可随时禁止其后台定位)。
if
([[[UIDevice currentDevice] systemVersion] floatValue] >= 9) {
_locationManager.allowsBackgroundLocationUpdates = YES;
}
// 6. 更新用户位置
[_locationManager startUpdatingLocation];
|
But if you try this way, and you don't configure info.plist,100%, your program crashes and you get an error:
1 |
*** Assertion failure in -[CLLocationManager setAllowsBackgroundLocationUpdates:], /BuildRoot/Library/Caches/com.apple.xbs/Sources/CoreLocationFramework_Sim/CoreLocation-1808.1.5/Framework/CoreLocation/CLLocationManager.m:593 |
To configure the Info.plist as follows:
The corresponding Info.plist XML source code is:
Bitcode (Popular explanation: Online version of Android art mode)
The future Watch app must contain bitcode,ios not mandatory, but Xcode7 will turn on Bitcode by default.
How to fit?
Method One: Update the library to include Bitcode, otherwise the following warning will appear;
1 |
(
null
): URGENT: all bitcode will be dropped because
‘/Users/myname/Library/Mobile Documents/com~apple~CloudDocs/foldername/appname/GoogleMobileAds.framework/GoogleMobileAds(GADSlot+AdEvents.o)‘
was built without bitcode. You must rebuild it
with
bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode
for
this target. Note: This will be an error
in
the future.
|
Method Two: Close the Bitcode, see
For more information, please visit Bitcode Apple Official document
, and WWDC Session 102: "Platforms state of the Union"
Enterprise-level distribution
Before IOS9, enterprise-level distribution is very convenient: Click the app appears "Trust button",
After iOS9, the Enterprise Distribution IPA package will be treated the same as the DMG installation package on Mac: The default cannot be installed and the "trust button" no longer appears
You must have the user set up in the GIF (related demo:https://github.com/chenyilong/ios9adaptationtips/)
URL scheme
In IOS9, if you use URL scheme You must whitelist the URL scheme you want to call externally in "info.plist", otherwise you cannot use it. Key is called Lsapplicationqueriesschemes, and the content of the value is
1 |
LSApplicationQueriesSchemes urlscheme urlscheme2 urlscheme3 urlscheme4 |
Recommend a blog: http://awkwardhare.com/post/121196006730/quick-take-on-ios-9-url-scheme-changes
The most critical of these are the following sections:
12 |
If you call the “canOpenURL” method on a URL that is not
in
your whitelist, it will
return
“NO”, even
if there is an app installed that has registered to handle
this
scheme. A “This app is not allowed to query
for
scheme xxx” syslog entry will appear.
If you call the “openURL” method on a URL that is not
in
your whitelist, it will fail silently. A “This app is not allowed to query
for scheme xxx” syslog entry will appear.
|
For more information, please visit: WWDC Session 703: "Privacy and Your App" Time around 30:18
ipad adaptation slide over and Split View
"ipad adaptation slide over and Split View" If you want to fit the multi tasking feature, the only advice: Discard the pure code, instead of storyboard, xib, throughout the Apple WWDC all demos are the same:
Mysteries of Auto Layout, part 1
What ' s New in storyboards
Implementing UI Designs in Interface Builder
Getting Started with multitasking on IPad in IOS 9
Optimizing Your App for multitasking on IPad in IOS
"Turn" iOS9 adaptation