An app on iOS has to perform an HTTPS connection, validating certificates against a root CA of a custom PKI.
Android seems to have best-practice procedures to handle this: one can ship the CA certificates with the app, and even configure pinning declaratively.
I haven’t been able to find a similar mechanism on iOS. All the material I could find suggests that TLS validations should pass through iOS, and that the CA certificate should be added to the Trust Store and therefore trusted at system level.
Question 1: have I missed something?
Question 2: in case I have not, I’m confused about the security model of iOS. Doesn’t forcing to trust certificate at system level imply a greater risk than just allowing developers to embed CA certificates in apps?
One attack scenario comes to mind: if I were able to distribute an app and convince users to trust my custom CA certificate to access my private cloud, then I could use my PKI to sign certificates for arbitrary domains, to be used in MITM attacks.