Encryption and Apple/iOS compliance with export laws

  • Bayar Garam
    Participant
    Post count: 5
    #88902

    Hello,
    I would like to use the TestFlight feature in iTunes Connect, but it is asking me for information on whether my build contains encryption (cryptography) or not. I have no experience in this area. SAB itself does state that the data is encrypted. What should be the answer for the following question: “Is your app designed to use cryptography or does it contain or incorporate cryptography?” What documentation should I provide for Apple?

    Thanks a lot.
    Bayar

  • Chris Hubbard
    Participant
    Post count: 19
    #90519

    Hello,

    I am asking people within SIL what the response should be. For your information, an SAB-generated app can use encryption in the following ways:

    1) If you use HTTPS URLs to download audio (I believe that FCBH libraries use HTTP to download content)
    2) If you use HTTPS URLs in the about box (e.g. privacy policy)
    3) I haven’t checked Analytics, but they likely will
    4) EVERY app uses an encryption algorithm which is “Limited to intellectual property and copyright protection” for protecting the scripture content

    So I believe you will have to answer:
    Q1: Is your app designed to use cryptography or does it contain or incorporate cryptography? — YES

    Q2: Does your app meet any of the following:
    (a) Qualifies for one or more exemptions provided under category 5 part 2
    (b) Use of encryption is limited to encryption within the operating system (iOS or macOS)
    (c) Only makes call(s) over HTTPS
    (d) App is made available only in the U.S. and/or Canada

    You can select Yes for question #2 if the encryption of your app is:
    (a) Limited to using the encryption within the operating system (iOS or macOS)
    (b) Limited to making calls over HTTPS
    (c) Specially designed for medical end-use
    (d) Limited to intellectual property and copyright protection
    (e) Limited to authentication, digital signature, or the decryption of data or files
    (f) Specially designed and limited for banking use or “money transactions”; or
    (g) Limited to “fixed” data compression or coding techniques

    — YES, since (a):
    * (b) Limited to making calls over HTTPS
    * (d) Limited to intellectual property and copyright protection

    This is the best I can come up with now. I will reply later if we have an official response (this is not an official response).

    Thanks,
    Chris
