Silly question: Does Apple provide specific guidelines for contacting servers via http vs https? Also, what data is considered to require https (ie password, geopoint, bank data, etc.) Is there a concrete guideline from Apple on this? More specifically, does anyone know exactly how Apple checks/verifies that an application should or should not be "pulled" from the appstore? Does this even exist or is it a secret?
My manager is worried about not getting approved unless we do everything via https. I think this is a big mistake. Our application basically deals with timesheet and expense data for employees (ie I drove this number of miles, worked on this project for 2 hours, etc.) Because, subsequent to logging in, there are no passwords, geopoint locations, etc., I feel that https for authentication only would be ideal for obvious performance reasons. But perhaps there's are specific guidelines from Apple? Search on http://developer.apple.com, but didn't find, help/links would be appreciated. Thanks all.