iOS 9 has brought in several under-the-hood changes that include bitcoding, app thinning, ATS (App Transport Security), IPv6 related changes and more.
This presentation will cover all the key components developers need to know in order to make the most of iOS 9 and prepare for IPv6 related changes.
4. App Transport Security (ATS): 1-O-1
ATS impacts all network connections using the NSURLConnection,
CFURL, or NSURLSession APIs
ATS requirements:
•The Server must support at least Transport Layer Security (TLS) 1.2
•The supported connection ciphers must provide perfect forward secrecy
•Certificates must be signed with SHA256 or better with at least 2048 bits for
RSA or 256 bits for Elliptic Curve keys.
Unless exceptions are added, all insecure connections will be terminated
5. App Transport Security: What it means for
you?
All assets (static and dynamic) must be served over SSL - even from 3rd
party servers
The Server environment requirements has it’s own costs - Performance
and bandwidth
Support for some of the required ciphers are not widespread - Ensure your
server supports the ciphers required by ATS
Test and optimize extensively to reduce latencies and delays in connection
set up
7. What is App Thinning?
App Thinning is a feature introduced in iOS 9
that allow App Store and OS to optimize the
installation of iOS and watchOS apps by
customizing the app for the capabilities of the
specific device, with minimal footprint
Three Components of App Thinning: App Slicing, Bitcoding, On-demand
Resources
Essentially, Apps are optimized based on device variant for
• Better Performance
• Smaller app install size on device
• Freeing up space by purging unused resources
8. App Slicing
Slicing is the
process of
creating and
delivering
variants of the
app bundle for
different target
devices
9. App Slicing
Without app slicing,
apps on a user’s device
contain universal
resources thereby
making the app heavier
than it should be
10. App Slicing
Slicing will only
download the variant
of the app bundle that
is used by the User’s
device resulting in 20-40%
size reduction!
11. App Slicing - Requirements
To enable app slicing, you must use asset catalogs. Asset catalogs
are the default in most apps at this point. If you are not already
using Asset Catalogs, it is simple to enable - click on the “Use
Asset Catalog” button under Xcode’s project settings as
seen below.
12. On-demand Resources
On-demand resources are app contents that are hosted on the
App Store and are separate from the related app bundle that
you download. They enable:
Smaller app size
Lazy loading of app resources
Remote storage of rarely used resources
Remote storage of in-app purchase resource
Freeing up device storage by purging unused resources
14. Bitcoding
Bitcode is an intermediate representation of a compiled program which can
provide performance improvements for your app
Apple optimizes and re-optimize an app binary for the specific
device architecture without an app update
Customers get the benefits of the latest architectures,
instructions, and optimizations as soon as they're available
17. IPv6
●IPv6 is the most recent Internet Protocol (IP) version replacing IPv4
●Global adoption has been slow but is picking up
●Several mobile carriers are deploying IPv6-only networks
●IPv4 address space completely exhausted
●IPv6 has several performance benefits over IPv4
○Avoids the need for network address translation (NAT)
○Avoids broadcasting for neighbor address resolution
18. Apple and IPv6
●iOS 9 (and OS X) fully supports IPv6-only networks
●IPv6 support - A mandatory requirement for AppStore submissions
for iOS 9
●Support for IPv4 only APIs deprecated with iOS 9
●OS X - El Capitan provides tools to test apps with IPv6
19. Supporting IPv6
●Don’t use or hardcode IP based URLs - Instead, use DNS
●Don’t use IPv4 specific APIs (already deprecated in iOS 9). Instead
use high level networking APIs such as NSUrlSession and
the CFNetwork frameworks
●Test your apps on IPv4 only, IPv6 only and hybrid
networks/server endpoints
●Test for full IPv6 compatibility with each app update
21. What is Content Blocking?
In iOS 9, Apple has introduced a new feature in Safari (And SafariViewController)
that allow easy and superior mechanisms to block content - either en-masse or
selectively.
●Aims to address one or more user needs:
○Performance
○Security
○Privacy
●Safari extensions can block content selectively
●This feature can be used to block cookies, images, resources, pop-ups and other
22. Content Blocking ≠ Ad Blocking
●Tempting to equate content blocking to ad blocking
●Ad blocking is an obvious application of content blocking
●But, content blocking can have privacy or performance or data saving
improvement applications as well
●Improved user Privacy by blocking behavioral trackers and data collectors
●Performance improvements by blocking battery or data hogging content
resulting in
○Decreased page load times
○Increased battery life
23. Blocking Ads through Content Blocking
●With the release of iOS 9, several new “Ad-Blocking” apps have
been introduced
●The content blocking mechanism allows easy blocking of Ads
●These apps only impact Safari and SafariViewController
●In-App ads are not impacted
●Can result in significant improvements to page load times and
reduce data usage, especially when videos (Autoplay or otherwise)
25. Features impacting monetization
Some features in iOS 9 can impact the monetization of your
properties, both in-app and mobile web:
●ATS can block connections to ad networks or DSPs which are non-
compliant
●Content Blocking can be used to block ads (all or selectively)
26. App Transport Security
Recommendation - When using multiple ad networks for
monetization, turn off ATS for the time-being to prevent any loss of
monetization.
WHY?
Ad networks have several channels of getting demand from i.e.
exchanges, DSPs, direct-deals, etc. Every player must support ATS to
prevent unpredictable monetization behavior
27. Mitigating the impact of ATS
Enable ATS only for your domains and domains which are known to
comply with ATS requirements. For all other domains, turn off ATS
OR
Disable ATS entirely which will prevent iOS from forcing HTTPS
connections for all URLs
28. Content blocking
●Content blockers can only be created as a Safari extension
●Consequently, they will be in use for content rendered in
SafariViewController as well
●In-App ads are not impacted by Safari Content blockers
●Impact mitigation -
○Shift to native ads, sponsored editorial content
○Transition to apps from mobile web sites