PTKD Mobile App Security
medium | M5 | MASVS-NETWORK-1 | static analysis | PTKD-NET-ATS-MEDIA

App Transport Security disabled for media

NSAllowsArbitraryLoadsForMedia permits cleartext or weak-TLS media loads through AVFoundation.

How it's exploited

The media exception (NSAllowsArbitraryLoadsForMedia) lets AVFoundation streams travel over plaintext. An on-path attacker can substitute or record the media content.

Why it matters

Streamed content can be tampered with or monitored; DRM and privacy expectations around media break.

How to fix it

  1. Serve media over HTTPS and remove the exception.
  2. If a CDN blocks this, scope an NSExceptionDomains entry to that CDN host instead of the global media opt-out.
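The two configurations from the fix steps, checked the way a static analysis pass would check them. This is an added example, not code from this knowledge base; the function name `audit_ats` and the host `media-cdn.example.com` are assumptions, and both plists are constructed samples.

```python
import plistlib

# Constructed sample: the global media opt-out this finding flags.
WEAK = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoadsForMedia</key><true/>
  </dict>
</dict></plist>"""

# Constructed sample: exception scoped to one CDN host (placeholder host name).
SCOPED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>media-cdn.example.com</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""


def audit_ats(plist_bytes):
    """Return (findings, scoped_hosts) for an Info.plist passed as bytes."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoadsForMedia") is True:
        findings.append(
            "NSAllowsArbitraryLoadsForMedia: ATS disabled for all AVFoundation media loads"
        )
    # Per-domain cleartext exceptions are narrower, but still listed for review.
    scoped_hosts = sorted(
        host
        for host, cfg in ats.get("NSExceptionDomains", {}).items()
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True
    )
    return findings, scoped_hosts


if __name__ == "__main__":
    for name, data in (("weak", WEAK), ("scoped", SCOPED)):
        print(name, audit_ats(data))
```

The scoped form clears the finding, but the listed host still accepts plaintext loads, so it stays on the review list until the CDN serves HTTPS.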
