Let's say I want to build a SDK that communicates with a server. I don't want any one (not even the app that implements the SDK) to intercept and look at my requests/responses.
If I'd use a common lib like AFNetworking it would be possible to look at all requests i.e by registering a NSURLProtocol.
I'm assuming that this would be harder to do if I would use i.e CFNetworking to perform my request/response handling? Or am I missing something? Would it be possible to intercept that traffic as well?
Using non NSURLConnection based classes, especially C low level classes (because
NSIn/OutStreamcan be swizzled) likeCFNetwork'sCFStream, would make life harder for a potential curious developer. However, it will never stop a determined one. Your framework could, for example, be decompiled, although that's not a trivial task, which means many will quit even before starting, if the information is not worthwhile.