So it seems like completely allowing http via NSAllowsArbitraryLoadsInWebContent doesn’t actually completely invalidate SSL checking; it just disables things like weak encryption/old TLS version protection, certificate pinning, etc. However, Apple’s docs says that by using one of these ways to bypass ATS protection, the app will be subject to additional app store review where we need to communicate with the reviewer of a sufficiently acceptable reason to use it (such as the app becomes broken due a service used by the app being on an older TLS version that is outside of our control). (Here’s the relevant docs from Apple)
I think it’s not something we’d want to risk getting rejected by the app store for unfortunately.