3

There are some similar questions about this topic but non of them really matches my problem. I made an App with Flutter and while uploading my project to the App Store I got asked about the Export Compliance. My App contains some buttons to some homepages, so for example there is a button called News and when the user clicks on that button, the internal browser of the iPhone opens up and a news homepage appears. Also it is possible to share one of ten images which are all located inside the App. The user can share this image via WhatsApp, Mail, etc. Some of the images are located in Firebase storage and displayed inside the App. I also use Cloud Firestore to display a little text.

One other function of the App is that the user can search for some cars. The user chooses brand, model and price and then the results are shown. All the data of the cars are located in a json file which I host on my own GitHub open repository.

That's basically it. These are the only things my App can do.

Do I need to say "yes" to the question wether or not my App uses encryption? I'm really not sure..

Thank you very much! enter image description here

Berkin
  • 419
  • 1
  • 7
  • 15

2 Answers2

4

Caveat: I am not a lawyer and only you can truly assess the answers that are right for your app.

If your app uses encryption (e.g. https communication to Firebase) you should click Yes to the first question (does the app use encryption?), but if it is just standard use-cases like that it is likely exempt, and if so then you can click Yes to the second question about exemption too (is the app's use of encryption exempt?) and Apple won't need any additional information from you.

Note that the wording of the second question often confuses people, but it is basically asking is your app exempt?

Does your app qualify for any of the exemptions provided in Category 5, Part 2 of the U.S. Export Administration Regulations?

And as the other answer pointed out, you can indicate in your plist file that you do not use non-exempt encryption to skip the question in future releases with the ITSAppUsesNonExemptEncryption key.

<dict>
  ... other stuff
  <key>ITSAppUsesNonExemptEncryption</key>
  <false/>
</dict>

There is some relevant discussion here and here and here

Tyler V
  • 9,694
  • 3
  • 26
  • 52
  • Great point Tyler about the https communication - that is encryption, and its a no to the followup question Apple is results in the reason to add the Info.plist entry – Jared Anderton Dec 30 '21 at 22:43
  • 1
    If it is exempt use like https it would be "Yes" to the second question (see the question image [here](https://stackoverflow.com/a/44396900/9473786) - "Does your app qualify for any of the exemptions provided in Category 5, Part 2...?"). The double-negative in the plist file is often confusing (does not use non-exempt encryption) – Tyler V Dec 30 '21 at 22:47
1

Unless you are doing something unusual with encryption, you can just say no. Also, in the future, you can prevent being asked this question on every release, by adding this to your app's Runner/Info.plist file (between <dict> tags):

<dict>
  ... // all your existing configs
  <key>ITSAppUsesNonExemptEncryption</key>
  <false/>
</dict>
Jared Anderton
  • 826
  • 9
  • 12
  • I think the answer is miss leading. If you use for example HTTPS then you should say Yes, not no. Using HTTPS is not "doing something unusual with encryption". – Tomas Feb 12 '22 at 11:32
  • 1
    I disagree here with the downvote & that it's misleading. HTTPS is a usual/standardized (aka - exempt) encryption. If you are implementing something other than HTTPS to encrypt data in transit (or on device encryption with something other than Keychain or Apple provided encryption standards), _then_ you would say `true`. But, by following the prompts in Xcode/App Store Connect, and if you are using standard encryption methods, like HTTPS, the answer to "app uses *non exempt* encryption" would false. – Jared Anderton Feb 15 '22 at 21:34