In my iOS app I am sending user credentials in an API, I just get to know that I can see all server and iOS app communication using fiddler2. Is there a way we can stop this (or kind of these tools) to see data over HTTPS.
I have read this - Can someone view the data going over https using fiddler? so I know how fiddler works but not sure how to stop it.
You can use method called "SSL Pinning". You should package server certificate with your application and check if it is equal to current connected server. If you use AFNetworking you can do it easily with AFHTTPRequestOperation's SSLPinningMode property.
Some useful links: http://www.doubleencore.com/2013/03/ssl-pinning-for-increased-app-security/ http://nsscreencast.com/episodes/73-ssl-pinning