Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

IOS App submission Export Compliance: Firebase

Tags:

ios

firebase

I am ready to submit my app to the app store, and after doing some research I still can't seem to find any information with regard to firebase in my app.

Is Firebase exempt? all I use it for is analytics and Admob.

so does Firebase utilize encryption and if it does do I have to worry about its export compliance or does Google have it covered?

I will consult a lawyer tomorrow but I am just curious as to what other people have done.

like image 689
Jurgen Avatar asked Jan 03 '18 22:01

Jurgen


People also ask

How to build and distribute iOS apps using Firebase?

Step 1. Build your app Step 2. Distribute your app to testers Step 3. Register additional devices You can manage your team's testers and distribute builds to them using the Firebase console. If you haven't already, add Firebase to your Apple project.

Is My App subject to export compliance for App Store submission?

Therefore yes, your app is subject to export compliance for App Store submission. Usually you do not have to provide any documents to Apple for App Store submission. You just have to answer a simple questionnaire on the web site, which you're automatically asked.

How do I Manage my team's testers using Firebase?

Step 1. Build your app Step 2. Distribute your app to testers Step 3. Register additional devices Step 1. Build your app Step 2. Distribute your app to testers Step 3. Register additional devices You can manage your team's testers and distribute builds to them using the Firebase console. If you haven't already, add Firebase to your Apple project.

Does Firebase use SSL?

Firebase uses SSL so you need to answer yes to "Does your app use encryption?". You'll need to submit a report in January. You can find instructions for doing this report by googling "Does your app use encryption?"


1 Answers

My app uses Firebase. If Firebase was exempt then I would have to add <key>ITSAppUsesNonExemptEncryption</key><false/> to my Info.plist, which I haven't. My app interacts with things like Firebase Storage, Firebase Database and opens links in Safari. I have been testing it through TestFlight with external users, which requires a beta review, and it passed. So I'm pretty you don't have to worry about it, but I'm not 100% sure.

Update 1

I found an answer to a similar question. It says:

If the only use is an https connection to facebook I would answer no. At WWDC16 I specifically asked this question twice of the security team and was told that they did not consider HTTPS to be encryption for this question.

More:

New U.S. legislation went into effect on September 20th. The new regulation removes the requirement to register your app simply because it uses encryption.

Some links to the 9/20 changes: Changes to BIS's information security controls bring relaxed controls, removal of registration requirement Dentons, US Implements Regulation Changes for Encryption Products, Software and Technology Shadden, Export Administration Regulation (EAR) BIS.

Note that other countries also have regulations covering sale of encryption including France.

How this affects answering the Apple question is unclear. It my app useed encryption directly (my API calls directly to AES for example) I would answer "yes" and supply the above information.

Disclaimer: This is not legal advice.

like image 66
eirikvaa Avatar answered Oct 05 '22 08:10

eirikvaa