[boo_radley]

This is a gross misinterpretation of what Google wrote which is : 1) Changes are coming 2) Here is best practice for app devs-- use https everywhere. 3) If you can't use https right now, figure it out soon 4) During the tranision, people are going to fuck up. To deal with these fuck ups gracefully, you can enable NSAllowsArbitraryLoads while we get our partners sorted out.

[noir]

It's a lazy recommendation. The first 2/3ds of the post are fluff to try and compensate for the fact that their recommendation in the end is "turn off this security feature". ATS is configurable to disable or enable for particular domains. The fact that we've known about ATS for over two months now and this is the best solution Google can come up with means they don't care. They don't care enough to read Apple's documentation and offer a helpful solution.

[ceejayoz]

> To deal with these fuck ups gracefully, you can enable NSAllowsArbitraryLoads while we get our partners sorted out.

And how many apps will forever more have NSAllowsArbitraryLoads enabled because a) Google can't get all their ad partners to switch and b) because devs don't remember to go switch it back off?

[revelation]

Presumably, Apple will remove that option at some point. It's normal deprecation.

Not that I agree they should offer that option, because of course there is no such thing as "gracefully degrading" security.

[leonatan]

How exactly do you see browsers operate without it? It's not going away.

[grrowl]

It is, actually; just maybe not on a timescale you're looking at things on.

Alternatively we could never depreciate it and use it forever, a much worse scenario.