I’m not sure I understand your question but it seems to be centred on whether your app can override HTTPS server trust evaluation, and specifically whether your app can talk to a server whose certificate is not trusted by the system by default. There’s three parts to this:
At a technical level, apps can override HTTPS server trust evaluation as they have always done (see Technote 2232 HTTPS Server Trust Evaluation). However, such overrides only work if you disable App Transport Security (ATS) for the domain in question.
At WWDC 2016 we announced that App Review would soon require reasonable justification for wide-ranging ATS exceptions. The App Store Review for ATS section of the above-mentioned ATS docs has more details on this.
The upshot of this is that, while it is technically possible for your app to connect to a server whose certificate is not trusted by the system, you’ll have to justify the necessary ATS exceptions to App Review. IMO it’s easier to avoid this whole problem by getting a trusted-by-default certificate for your server. Doing that is not necessarily expensive or difficult (indeed, it’s free and easy if you take the Let’s Encrypt path).
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"