IBM MobileFirst Platform Foundation support for iOS 9

Note: Apps that are built with IBM MobileFirst Platform Foundation v6.0 to v7.1 are supported on iOS 9 GM Seed build.

This blog details iOS 9 support in MobileFirst Platform v6.0 to v7.1, and the steps that developers and IT administrators might need to take.

Some of the action items that are addressed in the list below are not under IBM’s control. Therefore, we expect developers and IT managers to ensure that their infrastructure is up-to-date according to Apple’s requirements.

Existing apps

Existing apps that were created using MobileFirst Platform v6.0 or later will work on iOS9 as they did on previous versions of iOS.
There is one exception: If the app uses extended application authenticity protection, you must upgrade to Xcode 7 and apply an interim fix. Detailed steps here.

Updating apps on the App Store (with Xcode 6.4)

If you do not use extended application authenticity protection, you can opt to build apps with Xcode 6.4 and republish to the App Store.

Updating existing apps or submitting new apps on the App Store (with Xcode7 and iOS 9 features)

Review the following sections to learn what actions you need to take so that your app can support iOS 9.


iOS9 introduces a new feature called bitcode, an intermediate code uploaded to the Apple App Store. Apple compiles the bitcode of the application to optimize it for each type of devices. To learn more about bitcode, see the Apple documentation.

At this time, the IBM MobileFirst Platform SDK does not support bitcode. Your application will fail to build with Xcode 7 unless you disable bitcode. If bitcode is enabled, you will see an error message.

Action required

Disable bitcode for your project: In Xcode, select Build Settings > Build Options and set Enable Bitcode to No.

Application Transport Security (ATS)

Your application will not be able to communicate with the back end by using plain HTTP or older SSL/TLS protocols.


The new Application Transport Security feature helps to ensure that the communication layer between your app and the server is protected in the best possible way. No client-side modifications are required to support this feature, however you should make sure that your server is protected by the latest Transport Layer Security technology called TLS1.2 with forward secrecy.

ATS is activated automatically if your application targets iOS 9. If your server does not meet Apple’s requirements, you might see the following message in the Xcode Console:

CFNetwork SSLHandshake failed (-9801)
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." Application Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

Action required

To handle ATS in MobileFirst Server or to work around the enforcement for development server, read this blog post: How to enable App Transport Security for iOS 9 in IBM MobileFirst Platform Server.

Extended application authenticity protection

Applications that are built with MobileFirst Platform Foundation v7.0 or v7.1 and configured with extended app authenticity protection might fail to connect to MobileFirst Server if you are running on an iOS 9 device.


iOS apps that are uploaded to Apple App Store contain multiple binary slices for multiple device architectures. For devices running iOS 9, the required slices are downloaded, making the application significantly smaller than it is today.

The MobileFirst extended app authenticity protection feature uses the .ipa file that is uploaded to the App Store and the application binary that is installed on the device.

As a result of the changes done in iOS 9, the extended authenticity test might produce a false condition, thus not allowing the application to connect to the MobileFirst Server instance.

Action required

Apply the following interim fixes to resolve the issue and continue to use extended authenticity protection with iOS 9.

Note: The Application Center client needs no modification for iOS 9.
The Application Center WAR files that are installed in the server need no modification for iOS 9.

IPv6 support

Apple requires IPv6 support for all iOS 9 applications. Support for IPv6 is one of the prerequisites for successfully passing App Store review. Currently, it looks like this requirement does not apply if you are not deploying your application through App Store, for example if you are using IBM Application Center or another means of enterprise distribution.


You can watch the official announcement in this Platforms State of the Union video (at, starting at 35:10). Some carriers across the globe are starting to deploy IPv6-only networks. If your application does not support IPv6, it will simply not work.

Action required
Apple recommends to check the following points. You might need to modify your application code accordingly:

  • Use the networking frameworks provided by Apple (for example, NSURLSession).
  • Avoid using IPv4-specific APIs.
  • Avoid hard-coding IP addresses.

Note: In most cases, no or minimal work is required to comply with this requirement. If you have applied best practices and used APIs provided by Apple, everything will continue to work. That said, it is important to distinguish the following cases:

  • For using MobileFirst SDK APIs, no code change is necessary. However, you might need to make sure that your server is referred to by a DNS name and not an IPv4 address.
  • If you make server requests by any means other than MobileFirst SDK, such as NSURLSession, NSURLConnection, AFNetworking, you might need to manually adjust those invocations according to Apple’s recommendations in order to support IPv6.

To help developers in testing IPv6 support in their apps, Apple provides a way to enable a WiFi hotspot on Mac. This facility works in IPv6-only mode. The topic of IPv6 support was discussed in more detail in a “Your App and Next Generation Networks” session. You can watch it here: WWDC 2015.

Additional information:
Apple will require ipv6 support for all iOS9 apps and WWDC 2015 ipv6 session.


The NSURLConnection API is deprecated.

Action required

If you use the MobileFirst SDK for making requests to your server, you don't have to worry about it. However, if you use NSURLConnection in your application code, you might want to consider updating it to a newer version of the NSURLSession API.

Additional information
WWDC 2015.

Apps using Dojo

Apps that are built with Dojo 1.10.x and 1.9.x continue to work in iOS 9, except for some minor issues.

Action required

The following minor issues have been observed:

  • There is a theme detection issue, which hurts only when non-custom themes are used with 1.10.x, not 1.9.x. Details and a workaround are available on this Dojo Toolkit page, at
  • If you tap an item before the animation finishes, this action might cause an incorrect transition. Details and a workaround are available on this Dojo Toolkit page, at

IBM Application Center

IBM Application Center from MobileFirst Platform Foundation, versions 6.0 - 7.1 works with iOS 9 under the following conditions:

  • Apache Tomcat server:

    The server runs as expected with IBM Java 6, IBM Java 7, IBM Java 8, and Oracle Java 7.
    TLS 1.2 is enabled in the web server/application server.
    Oracle Java 6 is not supported in combination with iOS 9 because it does not support TLS 1.2.
    Oracle Java 8 can be supported only with a modified Weak DH/LogJam vulnerability fix.

  • Websphere Liberty Profile server:

    The server runs as expected with IBM Java 6, IBM Java 7, IBM Java 8, Oracle Java 7, and Oracle Java 8.

    Among other protocols, TLS 1.2 is enabled. In practice, for older devices or non-iOS devices to be supported, you should also enable TLS 1 and TLS 1.1.

    If no firewall or web server is present, then Oracle Java is preferred because Android 5 devices work better with Oracle Java. iOS 9 can communicate with both IBM Java and Oracle Java.

  • Websphere Full Profile Server:

    The server runs as expected with IBM Java, included in WebSphere.

    Among other protocols, TLS 1.2 is enabled. In practice, for older devices or non-iOS devices to be supported, you should also enable TLS 1 and TLS 1.1.

IBM MobileFirst Test Workbench

The MobileFirst Test Workbench plug-in currently does not support iOS 9 testing.

WatchOS 2

Apple has released a beta preview of WatchOS 2, a new version of the Watch operating system for Apple Watch.


In WatchOS 1, a WatchKit app had two parts:

  • WatchKit app: Application storyboards and resources residing on an Apple Watch.
  • WatchKit extension: Application code running on an iPhone

For more information, see the WatchKit App Architecture article in the Apple documentation.

Action required

Starting with WatchOS 2, a new application model is introduced, called native Watch Applications, where application code directly runs in the Apple Watch. Though your WatchOS 1 apps might still be supported, our suggestion would be to upgrade your existing Watch apps to native watch application model for best application performance.

Note: At this time, the IBM MobileFirst Platform SDK does not support bitcode, therefore it does not support WatchOS 2 apps.

Additional information

WWDC 2015.

Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.
Last modified on May 02, 2016