Hello everyone,
What's the situation nowadays for deploying from Unity to Apple Store in regards to their ATS (App Transport Security) requirements?
From what I understand the short definition of ATS is: if your app connects to a server you have control over, you MUST use HTTPS. In other words we should all be using InitCrypto and certificates even if very little sensitive data is transmitted and the ones that are are encrypted from the client before transit, right?
I suspect their review process to be a lot heavier now than a few years back, with data safety forms to fill that could grab their attention towards our practices.
Apple's App Transport Security requirements
Re: Apple's App Transport Security requirements
Hi,
If you deploy an SSL certificate and activate encryption in your zone, all data will be TLS encrypted (TCP, UDP, Websocket etc.)
From the client side you just need to add one extra step, which you mentioned: calling SmartFox.InitCrypto() right after the connection.
Cheers
Re: Apple's App Transport Security requirements
Thanks,
Is there anything in particular we have to look out for when buying an SSL certificate considering the server's main use is Smartfox? E.g. do we have to worry about response time (at login, then after) or the number of connections we can get over a certain period? (I get about 15,000 during a day).
I was thinking of grabbing PositiveSSL from namecheap since it bears its name well but it says "great for personal". I have a single domain/server.
Thank you again
Re: Apple's App Transport Security requirements
There is nothing special about the SSL certificate.
The only difference among certificates is the level of validation that is performed (domain, organization or Extended Validation). These, however, do not impact performance metrics. They only offer different levels of trust to the final user.
You can read more on this here:
https://www.globalsign.com/en/ssl-infor ... ertificate
For most use cases, including the one you have mentioned, any certificate will do. The high-end ones are also very expensive and typically used only by large corporations.
E.g. do we have to worry about response time (at login, then after)
No, not at all.
Cheers
Re: Apple's App Transport Security requirements
Hello Lapo,
I installed PositiveSSL and everything went very well with the explanations from your docs. (Maybe you could add that a server reboot is necessary even at the end of the non-manual method, but that's kind of obvious)
My idea was to do a smooth transition with the client apps as such:
- players using the current/old version would keep connecting to Zone X non-encrypted, and get in-game messages encouraging them to upgrade their app from Play/Apple Store
- players using the newest version would connect to the same Zone with encryption on
and everyone would see each other.
I thought this was doable because the "Use encryption" flag in Zone configuration says
"If turned on, the server will only accept encrypted connections for this Zone; otherwise either encrypted and non-encrypted connections are allowed"
So I left that flag OFF, but if I try to connect from the Unity Editor using parameters HttpsPort=443, TcpPort=9933:
- It connects
- OnInitCrypto is called
- I get "[SFS - ERROR] [TCPSocketLayer] Connection closed by the remote side" and the server log shows "com.smartfoxserver.v2.exceptions.SFSRuntimeException: Login rejected. The requested Zone does not support encryption"
SFS2X version 2.15.0 running on Amazon Linux 2.
So basically I might have to set up a new Zone with encryption ON, the new client apps will connect to that zone and the player base will move to it progressively? It would be a bit bad, but not nearly as bad as setting up a new server entirely.
Re: Apple's App Transport Security requirements
Bathory wrote: So basically I might have to set up a new Zone with encryption ON, the new client apps will connect to that zone and the player base will move to it progressively? It would be a bit bad, but not nearly as bad as setting up a new server entirely.
It seems I'll have to do that, as explained in a few old topics like this one:
https://www.smartfoxserver.com/forums/v ... hp?t=19201
Thanks
Re: Apple's App Transport Security requirements
@Bathory
It's not possible to mix encrypted and non-encrypted connections in the same Zone. The main reason is that data from non-encrypted clients could potentially expose that of encrypted clients when the server broadcasts updates (e.g. messages, positional data, User/Room variables etc.)
To migrate users you will need to use two Zones, one with encryption turned ON and the other set to OFF.
Cheers
Re: Apple's App Transport Security requirements
No issue, I now understand the reasons for this.
Thanks for the support, love SmartFox, I've been using it for years and would recommend it to anyone.