-2

I found this Does my application "contain encryption"? which provides very useful information but I'm not sure if my case falls under this export compliance where my App only displays encrypted messages ( let say AES 256 encrypted messages ).

For more details, let's say App sends clear message (with base64 encode) to a Server using HTTP ( not even HTTPS) to encrypt using AES, and then display the received result on the App. App also sends encrypted messages, which user to key in, to Server to fetch the clear messages back and display. So, should this App be considered 'No contain encryption' ?

Thank you

Obsidian Age
  • 41,205
  • 10
  • 48
  • 71
Thanh Nguyen
  • 11
  • 1

1 Answers1

0

According to the Apple documentation:

"If your app uses, accesses, contains, implements, or incorporates encryption, this is considered an export of encryption software, and is therefore subject to U.S. export and other country or region import compliance requirements.

Use of encryption includes, but is not limited to:

  • Making calls over secure channels (i.e. HTTPS, SSL, and so on).
  • Using standard encryption algorithms.
  • Using crypto functionality from other sources such as iOS or macOS.

There are, however, exemptions to this, and you are exempt if (and only if) all of the encryption used in your app falls into at least one of the following categories:

  • (a) Specially designed for medical end-use
  • (b) Limited to intellectual property and copyright protection
  • (c) Limited to authentication, digital signature, or the decryption of data or files
  • (d) Specially designed and limited for banking use or "money transactions"; or
  • (e) Limited to "fixed" data compression or coding techniques

So in this specific example (as with most iOS apps), it is likely that your app will require export compliance.

If you require compliance, you will be required to file a year-end self classification report to the US Bureau of Commerce.

Obsidian Age
  • 41,205
  • 10
  • 48
  • 71