This document summarizes the WWDC 2017 reading session. It covers four sessions: evolving network security standards, privacy and apps, advances in networking, and what's new in Apple Pay and Wallet. Specific topics include certificate revocation (OCSP, OCSP stapling, Certificate Transparency), trust removals, App Transport Security, the TLS 1.3 beta, privacy prompts, location and photo library authorization, DeviceCheck, NEDNSProxyProvider, Multipath TCP, URLSession updates (waitsForConnectivity, scheduling, progress), and Apple Pay donations, inline setup and error handling.
2. Outline
• Your Apps and Evolving Network Security Standards
• Privacy and Your Apps
• Advances in Networking
• What's new in Apple Pay Wallet
4. Your Apps and Evolving Network Security Standards
• Best Practices
• App Transport Security
• Transport Layer Security
5. Your Apps and Evolving Network Security Standards
Best Practices
7. Your Apps and Evolving Network Security Standards
Best Practices - Revocation
Online Certificate Status Protocol (OCSP)
8. Your Apps and Evolving Network Security Standards
Best Practices - Revocation
Online Certificate Status Protocol (OCSP)
• Additional network connection to the CA at handshake time
• Compromises user privacy (the CA learns which hosts the device connects to)
• Requires app opt-in on Apple platforms; not checked by default
9. Your Apps and Evolving Network Security Standards
Best Practices - Revocation
Online Certificate Status Protocol Stapling (OCSP Stapling)
10. Your Apps and Evolving Network Security Standards
Best Practices - Revocation
Online Certificate Status Protocol Stapling (OCSP Stapling)
• Slow adoption by servers
• Malicious server: a server presenting a revoked certificate can simply omit the stapled response, and the client cannot tell the difference from a server that never stapled
11. Your Apps and Evolving Network Security Standards
Best Practices - Revocation
Certificate Transparency Log
12. Your Apps and Evolving Network Security Standards
Best Practices - Revocation
Certificate Transparency Log
• Reduced privacy compromise
• Automatic updating
• Faster connections
Trusted root certificates in iOS: https://support.apple.com/en-us/HT204132
13. Your Apps and Evolving Network Security Standards
Best Practices - Trust Removals
• SHA-1 signed certificates for TLS
• Certificates using <2048-bit RSA for TLS
14. Your Apps and Evolving Network Security Standards
Best Practices - Trust Removals
• Not affected
- Root certificates
- Enterprise-distributed certificates
- User-installed certificates
- Client certificates
• Affected
- TLS connections to such certificates fail with errSSLXCertChainInvalid (-9807) errors in URLSession
15. Your Apps and Evolving Network Security Standards
Best Practices - Trust Removals
16. Your Apps and Evolving Network Security Standards
Best Practices - What to Do Now?
• Check implementations, libraries, and servers
• Avoid ATS exceptions
17. Your Apps and Evolving Network Security Standards
App Transport Security - Update
• Exceptions are now scoped per domain
• The Certificate Transparency requirement now applies beyond WebKit, to:
- AVFoundation loads
- WebView requests
- Local network connections
18. Your Apps and Evolving Network Security Standards
ATS-Compliant Services
19. Your Apps and Evolving Network Security Standards
Transport Layer Security
20. Your Apps and Evolving Network Security Standards
Enable TLS 1.3 Beta
• Not on by default; opt in per device for testing
• iOS: install the configuration profile
https://developer.apple.com/go/?id=tls13-mobile-profile
• macOS: set the networkd preference (requires root)
sudo defaults write /Library/Preferences/com.apple.networkd tcp_connect_enable_tls13 1
21. • Your Apps and Evolving Network Security Standards
• Privacy and Your Apps
• Advances in Networking
• What's new in Apple Pay Wallet
26. Privacy and Your Apps
Prompting with Purpose - Location
Support When In Use location authorization
• NSLocationWhenInUseUsageDescription
• NSLocationAlwaysAndWhenInUseUsageDescription
27. Privacy and Your Apps
Prompting with Purpose - Location
When In Use location authorization undefined in iOS 10
28. Privacy and Your Apps
Prompting with Purpose - Location
When In Use location and Always authorization both defined
in iOS 10
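The prompt behaviour on slides 26-28 comes down to which usage-description keys exist and in what order the app asks. The following is an added example (not code from the session) of the pattern the session recommends: ask for When In Use first, and escalate to Always only from the feature that needs background location, so the second prompt arrives with context. It assumes both NSLocationWhenInUseUsageDescription and NSLocationAlwaysAndWhenInUseUsageDescription are present in Info.plist; without them iOS 11 will not show the prompt at all.

```swift
import CoreLocation

// Added example: narrowest-permission-first location authorization.
// Assumes Info.plist contains
//   NSLocationWhenInUseUsageDescription
//   NSLocationAlwaysAndWhenInUseUsageDescription
final class LocationPermission: NSObject, CLLocationManagerDelegate {
    private let manager = CLLocationManager()
    // Set when a background-location feature asked for Always before the
    // user had granted When In Use; we escalate once When In Use is granted.
    private var wantsAlways = false

    override init() {
        super.init()
        manager.delegate = self
    }

    /// Call from foreground features (map, nearby search).
    func requestForForegroundUse() {
        switch CLLocationManager.authorizationStatus() {
        case .notDetermined:
            manager.requestWhenInUseAuthorization()
        case .authorizedWhenInUse, .authorizedAlways:
            manager.startUpdatingLocation()
        default:
            // .denied / .restricted: explain in the UI and offer a link to Settings.
            // Re-calling request* here does nothing; the system prompt is shown once.
            break
        }
    }

    /// Call only from the feature that genuinely needs background location
    /// (geofencing, background tracking) so the prompt has a purpose the user can see.
    /// On iOS 11 this prompt also offers "Only While Using the App".
    func requestForBackgroundUse() {
        wantsAlways = true
        if CLLocationManager.authorizationStatus() == .authorizedWhenInUse {
            manager.requestAlwaysAuthorization()
        } else {
            requestForForegroundUse()
        }
    }

    // MARK: CLLocationManagerDelegate

    func locationManager(_ manager: CLLocationManager,
                         didChangeAuthorization status: CLAuthorizationStatus) {
        switch status {
        case .authorizedWhenInUse where wantsAlways:
            // Second, contextual prompt: escalate only now that the user has
            // already accepted the narrower grant.
            manager.requestAlwaysAuthorization()
        case .authorizedWhenInUse, .authorizedAlways:
            manager.startUpdatingLocation()
        default:
            break
        }
    }
}
```

Design note: an app that only ever calls requestAlwaysAuthorization gets one chance at a prompt; an app that asks for When In Use first can still reach Always later, and the user who declines Always keeps the foreground features working.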
29. Privacy and Your Apps
Photo Library access in iOS 11
• Image picker (UIImagePickerController) works without prompting for library access; it runs out of process and returns only the items the user picked
• Write-only access is now a separate, narrower grant
• Existing photo library authorization is reset on upgrade to iOS 11
30. Privacy and Your Apps
Photo Library write only access in iOS 11
NSPhotoLibraryAddUsageDescription
• UIImageWriteToSavedPhotosAlbum
• UISaveVideoAtPathToSavedPhotosAlbum
31. Privacy and Your Apps
Core NFC
NFCReaderUsageDescription
• Scan for nearby NFC tags
• In the foreground
32. Privacy and Your Apps
Microphone - watchOS
• Recording allowed to continue in the background
• Recording possible without the built-in modal UI
• Requires microphone authorization
• Indicator on watch face
33. Privacy and Your Apps
Safari View Controller
• Safari and other apps get their own cookies and website data
• Clearing website data in Safari also clears the data in your app
34. Privacy and Your Apps
On-Device Processing
• Core ML
• Vision
• ARKit
• Natural language processing (NSLinguisticTagger)
35. Privacy and Your Apps
DeviceCheck
• iOS, tvOS
• Per-device, per-developer data stored by Apple
• Two bits and a timestamp
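What the "two bits and a timestamp" buy you is a small amount of state that survives app reinstalls and device resets and that only your server can read or write. The device side of the round trip, as an added example (not code from the session): the app asks DCDevice for an opaque token and posts it to its own backend. Only the backend talks to Apple's DeviceCheck API, authenticated with a JWT signed by the team's DeviceCheck key, and only the backend decides what the bits mean. The backend URL and the "free trial" semantics (bit0 = trial already redeemed, bit1 = device flagged) are assumptions for this example.

```swift
import DeviceCheck
import Foundation

// Added example: device side of a DeviceCheck check. The backend (assumed) queries
// and updates the two bits with Apple; the app never sees or interprets them.
enum DeviceCheckClient {
    enum Failure: Error { case unsupported, noToken, badResponse }

    /// Asks the device for a fresh token and sends it to the backend.
    /// The backend replies 200 if this device may still redeem the trial, 403 otherwise.
    static func redeemTrial(backend: URL, completion: @escaping (Error?) -> Void) {
        // Simulators (and some devices) cannot produce tokens. Decide that policy
        // explicitly instead of silently granting the trial on the error path.
        guard DCDevice.current.isSupported else {
            completion(Failure.unsupported)
            return
        }
        DCDevice.current.generateToken { token, error in
            guard let token = token else {
                completion(error ?? Failure.noToken)
                return
            }
            var request = URLRequest(url: backend)
            request.httpMethod = "POST"
            request.setValue("application/json", forHTTPHeaderField: "Content-Type")
            // The token is opaque binary data that only Apple's servers can interpret.
            // It is scoped to this device and this developer, so it is useless to
            // anyone who captures it and presents it to a different team's backend.
            let body: [String: Any] = ["device_token": token.base64EncodedString()]
            request.httpBody = try? JSONSerialization.data(withJSONObject: body)

            URLSession.shared.dataTask(with: request) { _, response, error in
                if let error = error {
                    completion(error)
                } else if let http = response as? HTTPURLResponse, http.statusCode == 200 {
                    completion(nil)
                } else {
                    completion(Failure.badResponse)
                }
            }.resume()
        }
    }
}
```

Usage note: the bits are per device and per developer, not per user or per app, so they are a fit for abuse limits ("one free trial per device") and not for anything user-identifying. Treat the unsupported and error paths as a policy decision, not as an automatic pass.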
50. Advances in Networking
New Network Extension facilities - NEDNSProxyProvider
• Receives the system’s DNS query messages
• Handles them as it wishes
- Can send to recursive resolver of its choice
- Can send using protocol of its choice
‣ DNS over TLS
‣ DNS over HTTP
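The point of NEDNSProxyProvider is that the provider sees raw DNS messages and can move them onto any transport it likes. The following is an added example (not Apple's or the session's code) of the DNS-over-TLS case: every UDP DNS datagram the system hands the provider is framed with the two-byte length prefix that DNS over TLS (RFC 7858) requires, sent to an upstream resolver over a TLS connection created with the provider's own createTCPConnection, and the answer is written back to the original flow. The upstream resolver address is an assumption. Building and installing it needs the Network Extension entitlement with the dns-proxy capability and a DNS proxy configuration on the device.

```swift
import NetworkExtension

// Added example: forward the system's UDP DNS queries over DNS-over-TLS (RFC 7858).
final class DoTProxyProvider: NEDNSProxyProvider {

    // Assumed upstream DoT resolver; port 853 is the DNS-over-TLS port.
    private let upstream = NWHostEndpoint(hostname: "dns.example.net", port: "853")

    override func startProxy(options: [String: Any]? = nil,
                             completionHandler: @escaping (Error?) -> Void) {
        completionHandler(nil)
    }

    override func stopProxy(with reason: NEProviderStopReason,
                            completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    // One call per new DNS flow. Returning false closes the flow, so a production
    // proxy must handle TCP DNS flows too; this example only handles UDP.
    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        guard let udpFlow = flow as? NEAppProxyUDPFlow else { return false }
        udpFlow.open(withLocalEndpoint: nil) { [weak self] error in
            guard error == nil, let self = self else { return }
            self.readLoop(udpFlow)
        }
        return true
    }

    private func readLoop(_ flow: NEAppProxyUDPFlow) {
        flow.readDatagrams { [weak self] datagrams, endpoints, error in
            guard error == nil, let self = self,
                  let datagrams = datagrams, let endpoints = endpoints else { return }
            for (query, endpoint) in zip(datagrams, endpoints) {
                self.resolveOverTLS(query) { answer in
                    guard let answer = answer else { return }   // drop: the stub resolver will retry
                    flow.writeDatagrams([answer], sentBy: [endpoint]) { _ in }
                }
            }
            self.readLoop(flow)
        }
    }

    // One TLS connection per query for clarity; a real proxy would keep a pool of
    // upstream connections open and multiplex queries over them.
    private func resolveOverTLS(_ query: Data, completion: @escaping (Data?) -> Void) {
        let conn = createTCPConnection(to: upstream, enableTLS: true,
                                       tlsParameters: nil, delegate: nil)
        var token: NSKeyValueObservation?
        token = conn.observe(\.state, options: [.new]) { conn, _ in
            switch conn.state {
            case .connected:
                token?.invalidate()
                // RFC 7858 framing: 2-byte big-endian length, then the DNS message.
                var framed = Data([UInt8(query.count >> 8), UInt8(query.count & 0xff)])
                framed.append(query)
                conn.write(framed) { error in
                    guard error == nil else { conn.cancel(); completion(nil); return }
                    conn.readMinimumLength(2, maximumLength: 2) { header, _ in
                        guard let header = header, header.count == 2 else {
                            conn.cancel(); completion(nil); return
                        }
                        let bytes = [UInt8](header)
                        let length = Int(bytes[0]) << 8 | Int(bytes[1])
                        conn.readMinimumLength(length, maximumLength: length) { body, _ in
                            conn.cancel()
                            completion(body)
                        }
                    }
                }
            case .disconnected, .cancelled:
                token?.invalidate()
                completion(nil)
            default:
                break
            }
        }
    }
}
```

Design note: enableTLS: true with nil tlsParameters gives the system's default TLS policy, which validates the resolver's certificate chain against the device trust store. If the point of running your own resolver is to not trust public CAs for it, pass an NWTLSParameters object and verify the resolver identity yourself in the connection delegate.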
52. Advances in Networking
Multipath protocols for multipath devices
• Triggered by marginal Wi-Fi
• "Fittest wins out" contest between Wi-Fi and cellular
• Wi-Fi has a head start over cellular
• Decided on a flow-by-flow basis, at flow setup time
53. Advances in Networking
Multipath TCP
• Built on top of TCP
- Reliability
- Congestion control
• Seamless handover from Wi-Fi to Cell
• Chooses optimal interface for latency-sensitive flows
54. Advances in Networking
Multipath TCP
• MPTCP schedules traffic across the interfaces
• One "TCP subflow" per interface
• MPTCP creates and destroys subflows as interfaces come and go
55. Advances in Networking
Multipath TCP in Siri
• Implemented for Siri since iOS 7
• User feedback (time to first word) 20% faster at the 95th percentile
• 5x reduction in network failures
56. Advances in Networking
Multipath TCP in iOS 11
• Server support
• Multipath service types
- Handover Mode
- Interactive Mode
• URLSession API
58. Advances in Networking
Multipath service types in iOS 11
• Handover Mode for high reliability
• Interactive Mode for low latency
59. Advances in Networking
Multipath service types - Handover
• Reliability for persistent connections
• Minimal cellular usage
• Available in Beta 1
60. Advances in Networking
Multipath service types - Interactive
• Low latency for low-volume interactive flows
• Uses Wi-Fi and cellular together
• Available in an upcoming Beta
62. Advances in Networking
Multipath service types - Aggregation
• Combines link capacities
• Available through developer settings
• Starting in an upcoming Beta
63. Advances in Networking
URLSession - Current
• Failures caused by weak connectivity
- NSURLErrorNotConnectedToInternet
- NSURLErrorCannotConnectToHost
• Today: manual retry by the user, or monitoring connectivity with SCNetworkReachability
64. Advances in Networking
URLSession
• New URLSessionConfiguration property
var waitsForConnectivity: Bool
• New URLSessionTaskDelegate method
urlSession(_:taskIsWaitingForConnectivity:) - optional
65. Advances in Networking
URLSession
• Recommendation
- Always enable waitsForConnectivity
• Exception
- Requests that must complete immediately or not at all, such as a payment transaction
68. Advances in Networking
URLSessionTask Scheduling API
• New URLSessionTask property
var earliestBeginDate: Date?
• New URLSessionTaskDelegate method, called only when earliestBeginDate has been set
urlSession(_:task:willBeginDelayedRequest:completionHandler:) - optional
70. Advances in Networking
URLSessionTask Scheduling API
New properties that help the system schedule the transfer
var countOfBytesClientExpectsToSend: Int64
var countOfBytesClientExpectsToReceive: Int64
Use NSURLSessionTransferSizeUnknown when the size cannot be estimated
71. Advances in Networking
URLSessionTask Progress
URLSessionTask implements ProgressReporting protocol
class URLSessionTask : NSObject, NSCopying, ProgressReporting
public var progress: Progress { get }
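The URLSession additions on slides 56 through 71 are meant to be used together: a multipath service type on the configuration, waitsForConnectivity instead of reachability polling, earliestBeginDate plus size hints so the system can pick a good moment and interface, and the Progress object instead of hand-counted bytes. The following is an added example (not code from the session) that wires all of them into one upload session. The multipath entitlement, a server that speaks MPTCP, the upload URL and the token-refresh helper are assumptions.

```swift
import Foundation

// Added example: one URLSession using the iOS 11 scheduling and multipath features.
final class ReportUploader: NSObject, URLSessionTaskDelegate {

    private lazy var session: URLSession = {
        let config = URLSessionConfiguration.default
        // Handover mode: keep persistent connections alive across a Wi-Fi -> cellular
        // move with minimal cellular use. Ignored without the
        // com.apple.developer.networking.multipath entitlement or a server that speaks MPTCP.
        config.multipathServiceType = .handover
        // Park the task until connectivity exists instead of failing right away with
        // NSURLErrorNotConnectedToInternet / NSURLErrorCannotConnectToHost.
        // Leave this off for requests that must complete now or not at all (payments).
        config.waitsForConnectivity = true
        return URLSession(configuration: config, delegate: self, delegateQueue: nil)
    }()

    private var progressObservations: [Int: NSKeyValueObservation] = [:]

    /// Uploads `body` to `url`, letting the system delay the start until `notBefore`.
    @discardableResult
    func schedule(_ body: Data, to url: URL, notBefore: Date) -> URLSessionTask {
        var request = URLRequest(url: url)
        request.httpMethod = "POST"
        let task = session.uploadTask(with: request, from: body)

        // Deferred start: the delegate is asked to confirm or refresh the request when it fires.
        task.earliestBeginDate = notBefore
        // Size hints help the system choose an interface and a power budget for the transfer.
        task.countOfBytesClientExpectsToSend = Int64(body.count)
        task.countOfBytesClientExpectsToReceive = NSURLSessionTransferSizeUnknown

        // URLSessionTask adopts ProgressReporting; observe it instead of counting bytes by hand.
        progressObservations[task.taskIdentifier] =
            task.progress.observe(\.fractionCompleted) { progress, _ in
                print("upload \(task.taskIdentifier): \(Int(progress.fractionCompleted * 100))%")
            }
        task.resume()
        return task
    }

    // MARK: URLSessionTaskDelegate

    // Fired once when the task is waiting for connectivity: tell the user, do not retry by hand.
    func urlSession(_ session: URLSession, taskIsWaitingForConnectivity task: URLSessionTask) {
        print("task \(task.taskIdentifier) is waiting for connectivity")
    }

    // Fired only for tasks with earliestBeginDate set, right before the request goes out.
    // A credential minted when the task was created may have expired by now, so re-sign.
    func urlSession(_ session: URLSession, task: URLSessionTask,
                    willBeginDelayedRequest request: URLRequest,
                    completionHandler: @escaping (URLSession.DelayedRequestDisposition, URLRequest?) -> Void) {
        guard let token = currentAccessToken() else {
            completionHandler(.cancel, nil)   // no valid credential: never send it unauthenticated
            return
        }
        var fresh = request
        fresh.setValue("Bearer \(token)", forHTTPHeaderField: "Authorization")
        completionHandler(.useNewRequest, fresh)
    }

    func urlSession(_ session: URLSession, task: URLSessionTask, didCompleteWithError error: Error?) {
        progressObservations[task.taskIdentifier] = nil
        if let error = error as NSError? {
            print("task \(task.taskIdentifier) failed: \(error.domain) \(error.code)")
        }
    }

    // Assumed helper: returns a non-expired bearer token from the keychain, or nil.
    private func currentAccessToken() -> String? { return "example-token" }
}
```

Design note: willBeginDelayedRequest is the security-relevant hook here. A request built at scheduling time and sent hours later carries whatever Authorization header it had then; refreshing (or cancelling) in that callback keeps expired or revoked credentials off the wire.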
73. Advances in Networking
URLSession Enhancements
• ProgressReporting
• Brotli compression
- Requires HTTPS (TLS)
• Public Suffix List updates
74. • Your Apps and Evolving Network Security Standards
• Privacy and Your Apps
• Advances in Networking
• What's new in Apple Pay Wallet
75. What's new in Apple Pay Wallet
Apple Pay for Donations
• Accept donations for your nonprofit simply and securely
• Available within apps and on the web
• New donation button style
• https://developer.apple.com/support/apple-pay-nonprofits/
76. What's new in Apple Pay Wallet
Apple Pay Makes Purchasing Easier
77. What's new in Apple Pay Wallet
Other Benefits Of Apple Pay
• Reduction in chargebacks
• No need to handle or store credit card numbers
• Trusted user experience
79. What's new in Apple Pay Wallet
Apple Pay - Inline Setup
• Apple Pay setup is now offered automatically
• Simply present an Apple Pay sheet to a user without cards
• Users are returned to your Apple Pay purchase immediately after setup
• Still faster than a typical manual checkout
80. What's new in Apple Pay Wallet
Apple Pay - Payment Errors
• Payment instrument failed to process
• Billing address didn’t match
• Email address was invalid
• Postal address had an incorrect ZIP
• Telephone was missing an area code
81. What's new in Apple Pay Wallet
Apple Pay - Payment Errors
82. What's new in Apple Pay Wallet
Apple Pay - Custom Errors
• Gracefully handle invalid or incorrect data directly in the Apple Pay sheet
• Display custom error messages
• Direct users to the specific fields that need correction
88. What's new in Apple Pay Wallet
Apple Pay - Custom Errors
New callback
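The error cases on slide 80 and the custom errors on slides 82 through 88 map onto a small set of PassKit factories and the new result-based callback. The following is an added example (not code from the session) that validates the shipping contact as soon as the user selects it, reports field problems with PKPaymentRequest's error factories so the sheet highlights the exact field, and reports a processor decline as a plain failure. The summaryItems and processor members are assumptions standing in for your own checkout code.

```swift
import PassKit
import Contacts

// Added example: iOS 11 Apple Pay field-level error reporting.
final class CheckoutDelegate: NSObject, PKPaymentAuthorizationViewControllerDelegate {

    // Assumed: the order's summary items and a closure that charges the encrypted token.
    var summaryItems: [PKPaymentSummaryItem] = []
    var processor: (Data, @escaping (Bool) -> Void) -> Void = { _, done in done(true) }

    // Validate as soon as the user picks a contact, before they authorize with Touch ID / Face ID.
    func paymentAuthorizationViewController(_ controller: PKPaymentAuthorizationViewController,
                                            didSelectShippingContact contact: PKContact,
                                            handler completion: @escaping (PKPaymentRequestShippingContactUpdate) -> Void) {
        completion(PKPaymentRequestShippingContactUpdate(errors: validate(contact),
                                                          paymentSummaryItems: summaryItems,
                                                          shippingMethods: []))
    }

    // New in iOS 11: the handler takes a PKPaymentAuthorizationResult that can carry errors.
    func paymentAuthorizationViewController(_ controller: PKPaymentAuthorizationViewController,
                                            didAuthorizePayment payment: PKPayment,
                                            handler completion: @escaping (PKPaymentAuthorizationResult) -> Void) {
        // Validate again: never trust that the earlier check covered the final contact.
        let fieldErrors = payment.shippingContact.map(validate) ?? []
        guard fieldErrors.isEmpty else {
            completion(PKPaymentAuthorizationResult(status: .failure, errors: fieldErrors))
            return
        }
        // The app only ever handles the encrypted payment token, never the card number.
        processor(payment.token.paymentData) { charged in
            // "Payment instrument failed to process": a plain failure with no field to highlight.
            completion(PKPaymentAuthorizationResult(status: charged ? .success : .failure, errors: nil))
        }
    }

    func paymentAuthorizationViewControllerDidFinish(_ controller: PKPaymentAuthorizationViewController) {
        controller.dismiss(animated: true, completion: nil)
    }

    // MARK: Field validation mapped to PassKit errors

    private func validate(_ contact: PKContact) -> [Error] {
        var errors: [Error] = []
        if let address = contact.postalAddress {
            let zip = address.postalCode.trimmingCharacters(in: .whitespaces)
            if address.isoCountryCode.uppercased() == "US", !isUSZip(zip) {
                // Highlights the postal code field in the sheet.
                errors.append(PKPaymentRequest.paymentShippingAddressInvalidError(
                    withKey: CNPostalAddressPostalCodeKey,
                    localizedDescription: "Enter a 5-digit ZIP code"))
            }
        }
        if let email = contact.emailAddress, !email.contains("@") {
            errors.append(PKPaymentRequest.paymentContactInvalidError(
                withContactField: .emailAddress,
                localizedDescription: "Check the email address"))
        }
        if let phone = contact.phoneNumber,
           phone.stringValue.filter("0123456789".contains).count < 10 {
            errors.append(PKPaymentRequest.paymentContactInvalidError(
                withContactField: .phoneNumber,
                localizedDescription: "Include the area code"))
        }
        return errors
    }

    private func isUSZip(_ zip: String) -> Bool {
        return zip.count == 5 && zip.allSatisfy { $0 >= "0" && $0 <= "9" }
    }
}
```

Usage note: billing address problems use PKPaymentRequest.paymentBillingAddressInvalidError(withKey:localizedDescription:) in the same way, with the CNPostalAddress key of the offending field. Keep the localized descriptions short; the sheet shows them next to the field.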
89. What's new in Apple Pay Wallet
Wallet
NFC passes
• NFC passes let you send customer information over NFC
• Only encrypted NFC passes are supported from iOS 11
• Register for NFC passes at https://developer.apple.com/apple-pay
90. What's new in Apple Pay Wallet
Wallet
Sharing
• Passes can now opt out of sharing
• Useful for personal or single-use items such as loyalty cards or tickets