Tag Archives: PFS

iOS: How to Handle Upcoming ATS Restrictions in App Store Submissions

Mobile SDK 5.0 is coming soon–and so are some new restrictions on iOS App Store submissions.


Here’s some background information on the restrictions, plus instructions for making sure your apps comply with the new requirements.

Starting on January 1, 2017, the App Store will reject apps whose info.plist files contain Apple Transport Security (ATS) exceptions.

This article summarizes Apple’s requirements for apps:

App Store Review for ATS

For more background details, see:

ATS Configuration Basics

What It Means for You

Until Nov. 9, 2016, Salesforce servers did not enforce Perfect Forward Secrecy (PFS). As a result, Mobile SDK iOS apps contained exceptions in the info.plist file to get around ATS incompatibilities with Salesforce servers. Nowadays, Salesforce servers are up-to-date with PFS support and are 100% compatible with Apple’s transport security policies.

Beginning Jan. 1, apps that contain these exceptions no longer satisfy App Store security requirements.  If you resubmit an app that contains these exceptions, it will automatically trigger a security review. In order to be accepted, you’re required to make the changes described here.

If you’re developing a new app with Mobile SDK 4.3 or earlier, the Mobile SDK template puts these exceptions in your info.plist file. Be sure to remove them before submitting your app.

How to Fix Your App

Fixing your app is actually simple. You just remove the exceptions from your info.plist file, rebuild, and resubmit to the App Store.

Salesforce Mobile SDK gives you two options for proactively fixing this problem in plenty of time:

  • Now that Salesforce servers comply with Apple’s policies, you can go ahead and remove your exceptions today, well before the deadline, and resubmit to the App Store. Follow the example link below to see what needs to be removed.
  • If you’re too busy to remove the exceptions now, there’ll be an easier way in mid-December: the Mobile SDK 5.0 release. The new release updates our app templates to remove these exceptions. If you simply upgrade your app with forceios 5.0, you’ll get the updated configuration for free–no manual labor required.


To see an example of how we’ve removed the exceptions, check out this pull request:

iOS template for Mobile SDK 5.0:  https://github.com/forcedotcom/SalesforceMobileSDK-Templates/pull/6