Search code examples
iosencryptionapp-store-connectappstore-approval

Have you added or made changes to encryption features since your last submission of this app?

When submitting my application, I have faced these question in itunes connect portal.
I have used CommonCrypto/CommonCryptor.h, CommonCrypto/CommonKeyDerivation.h, Security/Security.h, Security/SecRandom.h ios library.
I use http get services with AES256. Can you answer the following questions?

1-) Have you added or made changes to encryption features since your last submission of this app?
Export laws require that products containing encryption must be properly authorized for export. Failure to comply could result in severe penalties. Learn more about export requirements.
YES or NO

2-) Is your app designed to use cryptography or does it contain or incorporate cryptography? (Select Yes even if your app is only utilizing the encryption available in iOS or OS X.)
YES or NO

if question 2 YES

Does your app qualify for any of the exemptions provided in Category 5, Part 2 of the U.S. Export Administration Regulations?
Make sure that your app meets the criteria of the exemption listed here. You are responsible for the proper classification of your product. Incorrectly classifying your app may lead to you being in violation of U.S. export laws and could make you subject to penalties, including your app being removed from the App Store. Read the FAQ thoroughly before answering the questions.

You can select Yes for question #2 if the encryption of your app is:
(a) Specially designed for medical end-use
(b) Limited to intellectual property and copyright protection
(c) Limited to authentication, digital signature, or the decryption of data or files
(d) Specially designed and limited for banking use or "money transactions"; or
(e) Limited to "fixed" data compression or coding techniques
You can also select Yes if your app meets the descriptions provided in Note 4 for Category 5, Part 2 of the U.S. Export Administration Regulations.
For additional guidance on exemptions, see the FAQ.
YES or NO

Solution

  • You have to answer all the questions as YES because of the following reasons:

    1) YES: Because you have made changes to encryption features.

    2) YES: Your app is designed to use cryptography and contains cryptography.

    And as my understanding your app is a Category 5, Part 2 app, because you say yes at least one of the following sub-questions for question 2. So you have to fill the correct documents. You can also follow this, it is very useful.

    How to legally submit an app to Apple’s App Store when it uses encryption (or how to obtain an ERN)

    Please click on links for more details:

    Flow Chart 2: Classifying under an ECCN in Category 5, Part 2

    Submitting the App to App Review

    Google Play Info