Reputation: 787
Should I add ITSAppUsesNonExemptEncryption to yes in plist in iOS app?
I am using base 64 bit encryption for encrypting the string while sending request over the network in some web apis.
Please let me know in iTunes connect, should I select yes for encryption?
Thanks in advance!!!
Upvotes: 0
Views: 2602
Answers (1)
Reputation: 14514
As far as you are sending encrypted content over network using iOS's encoding technique base64 encoding, you need to mark it as NO.
You are not using any encryption techniques like AES, DES, RSA, so you are not using encryption at all.
Base64 is not encryption - It is an encoding technique.
Question : Is your app designed to use cryptography or does it contain or incorporate cryptography?
Answer : "YES" to the question if your app is using encryption. Some examples of encryption use include:
- Making calls over secure channels (i.e. HTTPS, SSL, and so on)
- Using standard encryption algorithms
- Using crypto functionality from other sources such as iOS or macOS
- Using proprietary or non-standard encryption algorithms
Answer “NO” if your app does not use, access, implement or incorporate encryption.
Question : Does your app implement any standard encryption algorithms instead of, or in addition to, using or accessing the encryption in Apple’s iOS or macOS?
Answer : "YES" to the question if your app implements industry standard algorithms such as AES, DES, RSA, and so on, instead of or in addition to accessing or using the encryption algorithms available in Apple’s iOS or macOS.
Answer “NO” if your app does not implement industry standard algorithms instead of, or in addition to, accessing or using the encryption algorithms available in Apple’s iOS or macOS.
For more information visit Q&A for iTunes Connect.
Update for Comment about ATS :
NSAllowsArbitraryLoads
Since release of iOS 10 and later, and macOS 10.12 and later, by setting this key as Boolean value YES, disables App Transport Security (ATS). Which may result in rejection of Application from App Store Review.
Use of this key triggers App Store review and requires justification.
So it is recommended to use HTTPS server with TLSv1.2 support.
Enabling this key can also be useful for debugging and development.
NOTE: Disabling ATS allows connection regardless of HTTP or HTTPS configuration, allows connection to servers with lower Transport Layer Security (TLS) versions, and allows connection using cipher suites that do not support perfect forward secrecy (PFS).
This key’s default value of NO results in default ATS behavior for all connections except those for which you have specified an exception domain dictionary.
Upvotes: 1
Related Questions
- ITSAppUsesNonExemptEncryption export compliance while internal testing?
- Is there a way to apply ITSAppUsesNonExemptEncryption in a Swift Playground?
- Does an iOS app that uses StoreKit "use encryption", as in Apple's Export Compliance Information question?
- Does UIApplication.shared.open(url) count as encryption?
- ITSAppUsesNonExemptEncryption Cordova Build
- iTunes Connect - Is your app designed to use cryptography?
- App uses https - what is the correct value of ITSAppUsesNonExemptEncryption
- iTunes Connect - Export Compliance is necessary for password?
- Is my application using encryption (only keychain)?
- Does HTTPS in my app considered "Encryption"