I'm far from an expert on this area, but I know there are exemptions many apps can qualify for. The most notable of these is that the encryption is limited to authentication [1].
I talked to a couple of people at Apple and they explicitly told me that use of HTTPS is not covered under the exception. I think that exception was designed to authenticate licences of software. Programs that phone home, get a toke, and decrypt it to verify you paid for it, but that's just a hypothesis.
I'm pretty sure "limited to authentication" means that the data is transmitted in the clear but covered by a signature. HTTPS actually encrypts, so it wouldn't count.
Could you not also argue that ongoing use of HTTPS after authenticating yourself with the server is to ensure the response is coming from who you intend (i.e., the server authenticating itself to you)?
IANAL, but if you assume law matches cryptographic reality: there's such a thing as the NULL cipher, which most SSL stacks don't support (at least by default) because it's a big footgun. It will let you have traffic that's authenticated but not encrypted.