CODEWITHSUNDEEP
iosapp-store-connect
Rafi
Rafi

Reputation: 1922

iTunes Connect - Is your app designed to use cryptography?

When I tried to activate a build of my app for Test Flight usage, I got asked this question:

Is your app designed to use cryptography or does it contain or incorporate cryptography? (Select Yes even if your app is only utilizing the encryption available in iOS or OS X.)

In my app, I'm sending API calls over HTTPS to my remote server so users can make friends, chat, authenticate, etc.

Does this count? I'm kind of confused why they're asking this now AND only for Test Flight.

Upvotes: 22

Views: 18169

Answers (4)

Vince Varga
Vince Varga

Reputation: 6958

Today (June 2019), IMHO, the correct answer to Apple's "Is your app designed to use cryptography or does it contain or incorporate cryptography? (Select Yes even if your app is only utilizing the encryption available within Apple’s operating system.)" question is Yes.

After you selected the Yes option, an additional question will be displayed

Does your app meet any of the following:

(a) Qualifies for one or more exemptions provided under Category 5 Part 2

(b) Use of encryption is limited to encryption within Apple’s operating system

(c) Only makes calls over HTTPS

(d) App is made available only in the U.S. and/or Canada

If your app, in fact, only uses HTTPS (and no other form of encryption), select Yes again for the second question.

Upvotes: 3

Jonathan Cabrera
Jonathan Cabrera

Reputation: 1751

You can select NO as using HTTPS is now exempt from the Exporter Registration and Reporting (ERN) as of late September, 2016: https://stackoverflow.com/a/40919650/4976373

Upvotes: 17

Pradeep K
Pradeep K

Reputation: 3661

If you are using just HTTPS then there is no need to select this option. You can set it as NO. You have to set it to Yes only if you use custom cryptography in your code to encrypt or decrypt data. But if its just https calls then you can set this to No.

Upvotes: 8

zaph
zaph

Reputation: 112855

  1. You must answer YES that the app uses encryption.
  2. Using Test Flight you many have testers in foreign countries and thus possibly exporting cryptography.

You state that "users can make friends, chat" and this is what the requirement its about.

This is generally stupid but required by the U.S. government.

You will need to figure that out for yourself, consult BIS website or get a knowledgable lawyer/cryptographic domain expert.
Also see BIS encryption flowchart 1 and flowchart 2

Upvotes: 7

Related Questions