The Wonderful World of Private iPhone APIs

14 Jan 2011 – Denver, CO

Also known as “How to get your app submission quickly rejected from the Apple AppStore”. Christmas was epic – plenty of beer, parties, and the kids had a blast. I also had plenty of time to catch up on a few projects, so there’s lot of material to blog about.

First up, off the top of my head, was the discovery that not all is as it seems with the iPhone SDK. Lets start by making an SSL/HTTPS call from the phone:

NSData *data = [NSURLConnection sendSynchronousRequest:urlRequest returningResponse:&response error:&error];

Vanilla stuff. Except, that if you’re SSL certificate is phoney or not valid, the phone’s going to complain bitterly with an “untrusted server certificate” error. Fair enough, but what if we don’t have a real SSL certificate ? What if we’re on some ad-hoc test machine and not production ?

And to the rescue comes a private API. Private as in its there in the SDK but the documentation doesn’t reflect it. Kind of like a little mini-christmas from Apple.

We simply add this to our delegate and we’re good to go. In short:

  + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host

  	return YES; // Or whatever logic

My understanding is that having a private API in your code will result in your app getting rejected from the AppStore, so remember to take it out before you submit.

One final note of importance – epic album – Gargantuan #minimal/#progressive/#techno.

Lee Burridge - Balance 12