[ad_1]
I completed my app and wish to launch it within the App Retailer. I’ve to verify for Export Compliance. After I dived into this matter im discovering many assets with totally different contexts about what when to do or to not do. It’s not clear to me if I must do do a year-end self classification report back to the US authorities. I’m trying to find app builders who already submitted apps lately.
https://developer.apple.com/documentation/safety/complying_with_encryption_export_regulations#3145067
„In case your app makes use of, accesses, incorporates, implements, or incorporates encryption, that is thought of an export of encryption software program, which suggests your app is topic to U.S. export compliance necessities, in addition to the import compliance necessities of the international locations the place you distribute your app.“
I’ve a platform app the place customers are signing up for an account to have the ability to use the app. They will login with their credentials. The authentication course of is completed by my backend server which makes use of JWT for the Authentication stream and it encrypts the customers login within the backend. Additionally its saying:
Sometimes, the usage of encryption that’s constructed into the working
system—for instance, when your app makes HTTPS connections utilizing
URLSession—is exempt from export documentation add necessities,
whereas the usage of proprietary encryption just isn’t. To find out whether or not
your use of encryption is taken into account exempt, see Decide your export
compliance necessities.
In order of what I perceive, I dont need to do the self reporting since its [..] Restricted to authentication, digital signature, or the decryption of knowledge or recordsdata […] proper?
https://developer.apple.com/assist/app-store-connect/manage-app-information/overview-of-export-compliance
Examples of apps requiring an export compliance dedication embrace, however aren’t restricted to, apps that use:
- Normal encryption algorithms.
- Crypto performance inside Apple’s working system.
- Proprietary or non-standard encryption algorithms. The U.S. Authorities defines “non-standard cryptography” as any implementation of “cryptography” involving the incorporation or use of proprietary or unpublished cryptographic performance, together with encryption algorithms or protocols that haven’t been adopted or permitted by a duly acknowledged worldwide requirements physique(e.g.,
IEEE
,IETF
,ISO
,ITU
,ETSI
,3GPP
,TIA
, andGSMA
) and haven’t in any other case been revealed.
I assume the second and third level of this overview is each concerning to crypto apps solely, these factors doesn’t inform me something. However the definition of „Normal encryption algorithms“ isn’t clear in any respect.
Additionally im unsure what precisely is necessary for the self report back to the US. Authorities. Any assist to this entire matter is very appreciated. Greetings.
[ad_2]
Source link