Unfortunately, this is not possible at this time.
Could you please elaborate on the security policy you're referring to. The API already supports ArcGIS Server security model (Basic/Digest/Token).
If we have more information about your needs we can try and suggest ways to meet them or build provisions in the API for a future release.
Any news about this issue? We have the same requirement, we need to pass custom headers required by our reverse proxy.
I saw that this will be possible with the new Quartz SDK (AGSRequestConfiguration::useHeaders :
https://developers.arcgis.com/ios/beta/api-reference//interface_a_g_s_request_configuration.html#a47...) so I guess we have to wait for it.