Convert App Transport Security Plist to JSON

App Transport Security Configuration

App Transport Security (ATS) is enforced by iOS and macOS to require HTTPS connections. Exceptions are configured in Info.plist under the NSAppTransportSecurity key. Converting this to JSON helps with documentation and automated security audits.

Plist Structure

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <false/>
  <key>NSExceptionDomains</key>
  <dict>
    <key>api.legacy-service.com</key>
    <dict>
      <key>NSExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <key>NSExceptionMinimumTLSVersion</key>
      <string>TLSv1.2</string>
      <key>NSIncludesSubdomains</key>
      <true/>
    </dict>
    <key>cdn.example.com</key>
    <dict>
      <key>NSExceptionAllowsInsecureHTTPLoads</key>
      <false/>
      <key>NSExceptionRequiresForwardSecrecy</key>
      <false/>
    </dict>
  </dict>
</dict>

JSON Output

{
  "NSAppTransportSecurity": {
    "NSAllowsArbitraryLoads": false,
    "NSExceptionDomains": {
      "api.legacy-service.com": {
        "NSExceptionAllowsInsecureHTTPLoads": true,
        "NSExceptionMinimumTLSVersion": "TLSv1.2",
        "NSIncludesSubdomains": true
      },
      "cdn.example.com": {
        "NSExceptionAllowsInsecureHTTPLoads": false,
        "NSExceptionRequiresForwardSecrecy": false
      }
    }
  }
}

Deeply Nested Dictionaries

ATS configuration showcases three levels of nesting: the top-level dict, the NSExceptionDomains dict, and each domain's configuration dict. The JSON representation makes the hierarchy clearer and easier to process with standard JSON tools like jq for security auditing.

Security Review Workflow

Teams often export ATS settings to JSON for code reviews and compliance checks. The JSON format integrates naturally with CI/CD security scanners that verify no unnecessary exceptions are present before App Store submission.