I've always interpreted "(ii) your app uses, accesses, implements or incorporates encryption for authentication only" as our uses cases for using HTTPS and thus said that I am exempt.
Unless you are using HTTPS with NULL encryption algorithm, your bytes are encrypted and decrypted, so it's not "authentication only". I think that you can use NULL encryption algorithm and in this case only authentication will be performed. But I'm not sure that standard library will allow to use this algorithm.