[alexbock]

The instructions they give are not creating an exception for any particular ad servers or just for Google's servers; they're asking developers to enable NSAllowsArbitraryLoads, which disables the security features app-wide for any URL.

[StavrosK]

Still, it's only for developers using their mobile ads SDK. It's not for all developers, which the title implies.

[st3fan]

No, it is not only for developers using their mobile ads SDK. It is for any application that uses their ads SDK. The result of this is that this application will allow arbitrary insecure http loads by default. They take away a very useful safety net.

Why can'g google be more specific about the domains on which to allow insecure http traffic? Because their SDK loads content from arbitrary ad delivery platforms.

[gress]

The title is ambiguous on this point and it's irrelevant to the fact that it's an ugly choice of priorities.

[MrGando]

Can you imagine how many servers would they have to actually add exceptions for?

[mtgx]

NSA -- coincidence?! I think not.