TLS Pinning with ATS

TLS pinning can be difficult to get right in code. Luckily, Apple has a new feature in App Transport Security (ATS) that makes pinning certificates much easier. In an application’s Info.plist, new configuration can be added to NSAppTransportSecurity in the form of a dictionary with the key NSPinnedDomains. In this dictionary, you create additional dictionaries, each keyed by the hostname of a server you are connecting to. ATS allows you to pin the certificate authorities (CAs) as well as the leaf certificate using Base64-encoded SHA-256 SPKI fingerprints....

Implementing TLS Pinning with NSURLSession

With the advent of App Transport Security in iOS 9 and macOS 10.11, Apple began pushing developers into using more secure transport channels for their applications' data. When an application is linked to those SDKs, the underlying networking stack enforces ATS compliance and the application becomes more secure. ATS’s requirements are quite easy to satisfy:

- Connections use HTTPS instead of HTTP
- Servers must present a certificate from a valid Certificate Authority
- The certificate must be signed with an RSA 2048+ bit or an ECC 256+ bit key
- The certificate must have a Secure Hash Algorithm 2 (SHA-2) digest of at least SHA-256
- The certificate must be present in the Certificate Transparency (CT) logs
- The connection must use Transport Layer Security (TLS) 1....