When testing our iOS app, my team and I need to disable SSL certificate validation.
At present, we are using a hard-coded #define:

    // In Prefix.pch
    #define ALLOW_INVALID_SSL_CERTS

    // Elsewhere
    #ifdef ALLOW_INVALID_SSL_CERTS
    // Code to disable SSL certificate validation
    #endif

As a result, we have to remember to remove the #define every time we release a new version.
Ideally we would like to find a way to enable a flag in Xcode that would not be checked into source control.
I have discovered that this is possible using application arguments ([[NSProcessInfo processInfo] arguments]); however, this is potentially exploitable, since an attacker could find a way to provide the argument in question to the app before it is launched.
Is there another way to set this up in Xcode?
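
One way to make the compiler enforce the release rule described in the question, instead of relying on memory or on a runtime argument (an added example, not part of the original post). It assumes the Debug build configuration defines `DEBUG`, as Xcode's project templates do; the `TrustGate` class and the host name are hypothetical.

```objc
// Added example. TrustGate and the host name below are hypothetical.
#import <Foundation/Foundation.h>

// Break the build if the bypass flag ever reaches a non-debug configuration.
// Assumption: only the Debug configuration defines DEBUG.
#if defined(ALLOW_INVALID_SSL_CERTS) && !defined(DEBUG)
#error "ALLOW_INVALID_SSL_CERTS is defined in a non-DEBUG build"
#endif

@interface TrustGate : NSObject <NSURLSessionDelegate>
@end

@implementation TrustGate

- (void)URLSession:(NSURLSession *)session
    didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
      completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition,
                                  NSURLCredential * _Nullable))completionHandler
{
#if defined(ALLOW_INVALID_SSL_CERTS) && defined(DEBUG)
    // This branch is compiled only when both macros are present, so a
    // release binary contains no bypass code at all.
    // Constructed sample host: keep the bypass scoped to the test server.
    NSSet<NSString *> *testHosts =
        [NSSet setWithObject:@"staging.example.test"];
    NSURLProtectionSpace *space = challenge.protectionSpace;
    BOOL isServerTrust = [space.authenticationMethod
        isEqualToString:NSURLAuthenticationMethodServerTrust];

    if (isServerTrust && space.serverTrust != NULL &&
        [testHosts containsObject:space.host]) {
        // Accept the test server's certificate without evaluating it.
        completionHandler(NSURLSessionAuthChallengeUseCredential,
            [NSURLCredential credentialForTrust:space.serverTrust]);
        return;
    }
#endif
    // Every other host, and every non-debug build, gets normal validation.
    completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
}

@end
```

With the `#error` guard in place, a release build that still carries the `#define` stops at compile time rather than shipping with validation disabled.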
