Will Apple approve App which communicates over HTTPS using Self Signed Certificate?

Question

I am very very new to Mobile Apps development and HTTPs. Please bear with me... I need your advice!

My iPhone app communicates with a server over HTTPS with uses Self Signed Certificate.

To fix situation with a warning message that my server is untrusted I used NSURLConnection delegate methods and this approach:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
    }

    [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}

1. My first question is this: Will Apple approve this approach? Is it an allowed and legal way of dealing with HTTPs Requests when communicating with a server that uses Self Signed Certificate?

2. When using the above mentioned approach to give my consent and still connect to an untrusted server, is my data going to be send over HTTPs and will it be encrypted?

Answer 1

People do this all the time with Apple apps, for better or worse, without app store rejection. However, a safer approach would be to (1) use an officially-signed certificate, or (2) get your app to accept only your self-signed certificate.

Answer 2

1. There is no issue with approach that could result in rejection.
2. If the request is POST type then the data will be encrypted. But for more security you can add more encryption to your data if required.