Part 1: Network Communication Policy
| Item | Content |
|---|---|
| Document Name | Part 1: Network Communication Policy |
| Product Name | DTA Wide Sleep Management Platform |
| Date | 2026-02-10 |
| Scope | Part 1 (Mobile App) |
1. TLS Policy
1.1 TLS Version and Cipher Suites
| Item | Release Build | Debug Build |
|---|---|---|
| Minimum TLS Version | iOS default ATS policy (TLS 1.2+) | iOS default ATS policy |
| Cipher Suite | iOS system defaults | iOS system defaults |
| Perfect Forward Secrecy | ✅ iOS ATS default requirement | ✅ iOS ATS default requirement |
Note:
- The minimum supported OS version is iOS 18.0+, so TLS 1.3 is negotiated by default
- The app uses the iOS default ATS policy, with no additional NSAppTransportSecurity configuration in Info.plist
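The claim in the note above can be checked at build time. The following is an added example, not part of the project's code base: it parses an Info.plist and reports every NSAppTransportSecurity entry that deviates from the default ATS policy. The two sample plists, including the bundle identifier and domain in them, are constructed for illustration.

```python
import plistlib

# Constructed sample Info.plist contents (not from the project): one that
# relies on default ATS and one that weakens it.
DEFAULT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.app</string>
</dict></plist>"""

WEAKENED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key><dict>
      <key>api.example.com</key><dict>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
        <key>NSExceptionRequiresForwardSecrecy</key><false/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

# ATS keys that relax the default policy app-wide when set to true.
GLOBAL_RELAXATIONS = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsForMedia",
                      "NSAllowsArbitraryLoadsInWebContent", "NSAllowsLocalNetworking")

def ats_findings(plist_bytes):
    """Return deviations from the default ATS policy (empty list = default)."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity")
    if ats is None:
        return []  # no ATS dictionary at all: system defaults apply
    findings = [f"{k} enabled" for k in GLOBAL_RELAXATIONS if ats.get(k) is True]
    for domain, cfg in sorted(ats.get("NSExceptionDomains", {}).items()):
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"{domain}: cleartext HTTP allowed")
        min_tls = cfg.get("NSExceptionMinimumTLSVersion")
        if min_tls in ("TLSv1.0", "TLSv1.1"):
            findings.append(f"{domain}: minimum TLS lowered to {min_tls}")
        if cfg.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(f"{domain}: forward secrecy not required")
    return findings

if __name__ == "__main__":
    for name, data in (("default", DEFAULT_PLIST), ("weakened", WEAKENED_PLIST)):
        print(name, ats_findings(data) or "default ATS policy")
```

Run against the release and debug Info.plist files in CI, an empty result is evidence for the "iOS default ATS usage" item; any finding should fail the build.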
2. App ↔ API Communication Flow
3. Error Handling and User Notifications
3.1 Network Error Types
| Error Type | HTTP Status | User Message | Developer Log |
|---|---|---|---|
| Connection Failure | - | "Cannot connect to server. Please check your internet connection." | Connection timeout |
| Authentication Error | 401 | "Your login has expired. Please log in again." | Unauthorized |
| Permission Error | 403 | "You don't have permission to access this." | Forbidden |
| Server Error | 500 | "A temporary error occurred. Please try again later." | Internal server error |
3.2 Error Handling Flow
4. External Service Communication
4.1 Firebase Cloud Messaging (FCM)
| Item | Configuration |
|---|---|
| Protocol | HTTPS (TLS 1.3) |
| Data Transmission | Device token only (sensitive data excluded) |
| Payload Encryption | ✅ End-to-End (app-level AES-256) |
4.2 Firebase Crashlytics (Crash Monitoring)
| Item | Configuration |
|---|---|
| Protocol | HTTPS (Google managed) |
| Data Transmission | Crash reports, anonymized device information |
| Firebase Analytics | Disabled in production (IS_ANALYTICS_ENABLED=false) |
5. Response Integrity and Authenticity Verification
5.1 Current iOS Response Validation Layer Status
| Validation Layer | Reference File | Notes |
|---|---|---|
| TLS Transport Encryption | Ext+URLSessionConfiguration.swift | iOS ATS default policy |
| HTTP Status Code Validation | LiveSleepQDENetworkManager+UrlSession+Run.swift | 2xx/4xx/5xx branch handling |
| Swift Decodable Type Validation | NetworkSerialization.swift | JSON structure and type validation only |
| Response Body HMAC/Signature Validation | ❌ Not implemented | - |
| Response Header (Content-Type, etc.) Validation | ❌ Not implemented | - |
5.2 Current Response Validation Flow
Evidence and References (Artifacts)
- URLSession Configuration Code - Ext+URLSessionConfiguration.swift (cache policy, timeout)
- ATS Configuration - iOS default ATS usage
- TLS Configuration Validation - [TODO: SSL Labs scan execution needed]
- Token Refresh Code - +UrlSession+Run.swift (401 auto-refresh, exponential backoff)
- Error Handling Code - Network error handling
- Rate Limiting Implementation - Server-side Redis-based (100 req/min per user)
- Communication Flow Diagram - Section 2 of this document
- Firebase Crashlytics Configuration - GoogleService-Info-prod.plist
- Android Network Security Config - [TODO: Android implementation planned]
| Regulation | Requirement | Implementation | Evidence |
|---|---|---|---|
| BSI TR-03161 Part 1 | Secure communication channel | TLS (iOS ATS default), Certificate Pinning [TODO: Not implemented] | URLSession configuration code |
| GDPR Article 32 | Transmission encryption | TLS (iOS ATS default) | This document |
| OWASP MASVS-NETWORK | Network security | TLS (iOS ATS), Certificate Pinning [TODO: Not implemented] | [TODO: MobSF execution needed] |