The release of iOS 9 is just around the corner and with that comes App Transport Security. This new feature will enforce that your app's network connections follow best practices. This is handled at a low level and is enabled by default in iOS 9 and OS X El Capitan — and may cause issues in existing apps.

We have a few apps that load data from Amazon Web Services over HTTPS and on iOS 9 they stopped working. The reason being that App Transport Security requires server certificates to be signed with SHA-2 by default and at the moment the AWS certificates use SHA-1.

Amazon has announced AWS will move to SHA-2 by September 30, 2015.

Until then we can add the domain in question as an exception and set NSExceptionRequiresForwardSecrecy to NO. This does not turn off ATS (that would be a bad idea) it simply states that we accept ciphers other than SHA-2.

A quick change to your Info.plist and you’re done!

For more information you should watch Session 711 from WWDC 2015.

Update (Oct 1, 2015)

Looks like this is still not working properly. I ran the ATS diagnostics using nscurl on El Capitan and got these results.

Apple Pay launched in the UK last month and I’d been looking forward to it because now I’d be able to use contactless payment methods when in the US using my UK bank cards.

First available was American Express, and setting up this card was very straightforward. Simply complete the guided process and you’re done.

I had been using Amex’s fantastic Passbook integration for several months now and had grown accustomed to the notifications you receive when you use your card. Its lightning fast too and I’d often get a notification before the receipt had even been printed.

Thankfully this is another feature of Apple Pay so I promptly removed the pass from Passbook — renamed to Wallet in iOS 9.

Next up was HSBC. They were supposed to be ready at launch, but then got delayed until July 28. I tried the following day and it didn't work. Thinking there were probably teething problems on HSBC's side I decided to leave it for a few days.

So last week I try to add my HSBC card and it still wouldn’t work.

After some searching I came across an article with a solution to the problem and I could barely believe it. Then I realized it was HSBC after all — lets just say that our experiences with them have been less than impressive, so this is actually par for the course.

Turns out, you can't add an HSBC card to Apple Pay if you're outside of the UK.

Amazing. #amazing

You have to:

1. Disable Location Services (so your location remains unknown).
2. Use a VPN to tunnel in to the UK. I recommend TunnelBear.
3. Add your card.

Good job HSBC. I guess I feel more secure?

A few months back I wrote about disabling the ability of a user to zoom a web page presented in a WKWebView. This is custom HTML content being displayed in an enterprise app, not a web site, so its not as nefarious as it sounds.

Another wish was to disable callouts. That's the pop-over that shows up when you long-tap on elements in Mobile Safari. They let you copy text, define a word or share a snippet.

There's no property on WKWebView that lets us do this, but we can do this similar to how we disabled the ability to zoom the page.

We pass a custom WKUserScript to our web view which creates a style tag and adds some styling which sets both -webkit-user-select and -webkit-touch-callout to none on all elements except input fields and textarea elements.

As always, remember that these powers should only be used for good.