It's not adopted widely because apple is not enforcing it yet.
When Apple drops the hammer and forces developers to use it, then 99% of those apps will release updates within a week (or risk using their subscriber base).
Currently, my app CoreScope does not work in iOS10 because Apple dropped the URL "round trip" ability out of iOS10 completely. I have been working on a way around it but it's quite tough due to the new sandboxing terms. It's much easier for me to make a "plugin" for the FileMaker iOS SDK and offer the features that way.
TL;DR, Rigorously enforcing security, software and hardware standards is why Apple products are usually superior (at least in count of bugs manifested and security breaches) then the windows or android based counterparts. So I welcome a forced security protocol like this.
Thanks! Does anyone know if the current FM SDK 15.0.2 is already in compliance?
With the webviewer object and Insert From URL, I would be wary to say yes. This requires an official FileMaker answer for confirmation.
"This requires an official FileMaker answer for confirmation."
From my reading of the original article, I figure the ATS requirement only applies to FMGo apps that are accessing sites and data that are outside of the LAN. Am I correct??
From my understanding of ATS, the requirement would be for ANY communication between a device and HTTP based web service. My guess would be that it would apply to the FM Go SDK for apps you want to submit, and ALSO with the FileMaker Go app itself.
Meaning that using unsecured URLs in Insert From URL and Web Viewer objects may be blocked when used from inside FileMaker Go.
The only way I would see around it is if FileMaker instituted a private web service that acts as an intermediary between FM Go and the outside world, taking your insecure URL and returning the results all via a secure channel. But that has privacy and usability repercussions written all over it.