In earlier days, whenever I want to retrieve data there did not need to add NSAppTransportSecurityset the NSAllowsArbitraryLoads key to YES in info.plist, But now if you are going to run your app over network, then it must be added.
Why it is required? How it is useful? What is the usage of it?
Can anyone help, Please?
App Transport Security was introduced with iOS9 as an additional security feature when connecting your app to the web.
From Apple's documentation:
App Transport Security is a feature that improves the security of connections between an app and web services. The feature consists of default connection requirements that conform to best practices for secure connections. Apps can override this default behavior and turn off transport security.
One of the requirements is that all connections have to use HTTPS. This is why all connections that only use HTTP will fail on iOS9.
If you are using a service that is not available via HTTPS, you can still use it by overriding the App Transport Security. That's what the NSAppTransportSecurity dictionary in your Info.plist file is for. There you can define which App Transport Security requirement you wish to override.
For example NSAllowsArbitraryLoads disables all security requirements for any domains. You can define exceptions in the NSExceptionDomains dictionary, but if you don't do that all domains will be allowed to connect to your app without App Transport Security.
When you want to connect to a single domain that does not use HTTPS you should not use NSAllowsArbitraryLoads because that disables all the security for all domains. Instead you should specifically override the HTTPS requirement for this one domain only.
You can do that like this in your Info.plist file:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourdomain.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
To sum things up: App Transport Security is a good thing, because it encourages you to use HTTPS connections which are more secure than ordinary HTTP connections. Because you cannot always use HTTPS it offers you the opportunity to allow insecure connections. It is good practice to use these security overrides only exactly where you need them.