Felix Krause with a pretty sobering article about man in the middle attacks in both closed, and open source frameworks that you might use in your apps. It's a scary story, especially if you (or anyone who contributes to your app) ever develop on untrusted WiFi networks.
It's a serious problem, but it's also worth remembering that including any third party framework in your app presents risk, even without a MITM attack like this. How many of us really look at the internals of a framework that we choose before we use it? Also, now CocoaPods includes the ability for pods to add "Run Script" phases to our projects, that's yet another vector.
Just to go back to this MITM attack though. Do yourself a favour and use a VPN when you're connected to untrusted networks. Most of them can even detect untrusted WiFi and automatically connect. Why even risk it?