It is not currently possible to configure custom domains with SSL on the shinyapps.io service, so applications with a custom domain URL cannot be served over the HTTPS protocol. However, the application itself is always served over SSL.
The custom domain is enabled by embedding the application as an iframe. While the custom domain "container" page cannot support SSL today, the application embedded in the iframe is delivered over HTTPS. You can see this by viewing the page's source code - you will see the HTTPS URL for the app embedded as an iframe on the page, for example:
<iframe id="shinyapps" src="https://<my_account>.shinyapps.io/<app_name>/" frameborder="no"></iframe>