iOS9 GoogleAnalytics and NSAppTransportSecurity

Question

I am running into trouble due to the new security opportunity from Apple\'s iOS9 to restrict ssl requests to any kind of servers.

See reference: https://developer.ap

Answer 1

Actually the above configuration was slightly wrong, I found a working approach.

-- Short story start --

Basically, the above approach was mostly correct, but I came up to check the configuration again, when I had a look at the established network connection from Mac OS 10.10 and OS 10.11

openssl s_client -connect ssl.google-analytics.com:443 -status

Mac OS 10.10 made use of TLSv1.2, while Mac OS 10.11 for whatever reason used TLSv1.0

-- Short story end --

So, after rethinking the attributes, I removed the Certificate transparency NSRequiresCertificateTransparency, as the default is also set to be false and not true. The following configuration now works for me:

NSAppTransportSecurity
    
        NSAllowsArbitraryLoads
        
        NSExceptionDomains
        
            ssl.google-analytics.com
            
                NSThirdPartyExceptionMinimumTLSVersion
                TLSv1.2
                NSThirdPartyExceptionRequiresForwardSecrecy
                
                NSThirdPartyExceptionAllowsInsecureHTTPLoads
                
            
        
    

Additional note: although google makes use of this "experimental standard" (certificate transparency):https://en.wikipedia.org/wiki/Certificate_Transparency It seems to not make use of it in google analytics :-)