This seems reasonable (and is certainly much better than doing nothing), but it seems like you could have an even more comprehensive solution by just replacing usage of the system SSL/TLS with usage of SSL/TLS against a copy of OpenSSL shipped with the app, no?

I haven't done any iOS dev, so perhaps this isn't feasible, but that puts responsibility for and control of the security of your app entirely in your own hands; is there a reason that it wouldn't be desirable to go that route?