In iOS9 Apple added the new "Apple Transport Security" feature to restrict apps that use HTTP protocol requests under the covers. Apple provides Info.plist settings to allow your app to use HTTP. This new feature will affect the execution of apps that use HTTP directly or use components and RTL functions that use HTTP under the covers. Two components in RAD Studio 10 Seattle that use HTTP include TAppAnalytics and TWebBrowser. This blog post shows you how to set these new Info.plist options and also includes a link to sample source code projects for RAD Studio 10 Seattle for Delphi and C++Builder.
The required settings in the Info.plist file use structured data, so we cannot set them from within the IDE in Project/Options. It requires users to make a custom Info.plist for their app. There are two options for how to modify a custom Info.plist file so thart your apps will work correctly for devices that have iOS 9 installed:
Option 1: Go to the bottom of the file and insert the following text above the last "</dict>” tag:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
This will disable Apple’s App Transport Security feature for all HTTP communications used by the application, for example if you use the TWebBrowser or Project Indy's HTTP component.
Option 2: Go to the bottom of the file and insert the following text above the last "</dict>” tag:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>appanalytics.embarcadero.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
</dict>
</dict>
</dict>
This will create a permitted exception in the App Transport Security to allow non-secure HTTP communications only with the domain appanalytics.embarcadero.com. All other App Transport Security rules remain in place.
Creating a Custom Info.plist for your application with one of the above settings for your HTTP based iOS 9 or OS X apps (for example if you use TAppAnalytics or TWebBrowser components in your iOS 9 apps – these use HTTP under the covers)
You project’s Info.plist file is regenerated every time deployment is done. You need to save the file to a different location, like you project directory for example. (Note that the 32-bit and 64-bit versions are slightly different). Make your changes in the newly saved file and go to the Deployment Manager (Project/Deployment). Make sure the configuration is set correctly and uncheck the default Info.plist. Add the new custom version and make sure you set the Remote Name to “Info.plist” (case-sensitive). Do this for both the 64-bit and 32-bit deployment.
Here are my Project | Deployment settings for the projects in my example source code which you can find on Code Central at http://cc.embarcadero.com/item/30392
TAppAnalytics samples Info.plist settings in Project | Deployment
TWebBrowser sample Info.plist setting in Project | Deployment
App Transport Security Technote
https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/
“App Transport Security is a feature that improves the security of connections between an app and web services. The feature consists of default connection requirements that conform to best practices for secure connections. Apps can override this default behavior and turn off transport security. Transport security is available in iOS 9.0 or later, and in OS X v10.11 and later.”