Menu
We recently decided to update a couple of our apps this summer to switch them from http to https in order to follow the new Apple guidelines which go into affect January 2017.
The only thing transferred to and from the app is product information, no user info or anything even remotely sensitive. But we want to comply early so that we don't have to worry about it later.
The question:
Apple seems to be forcing us to deal with US Export Compliance law which requires us to get an approval for an Exporter Registration Number (ERN), and a SNAP-R which requires a Company Identification Number (CIN). I think, I am no lawyer.
Now this question was somewhat answered here but that was more than 3 years ago, and if I understand what is happening, everyone who makes an http connection with their app and has it available outside the US is going through this.
If that's the case then I would would have expected a very clear explanation on what switching to https will require for most iOS app developers.
However I have not found much on this and I am confused on what the exact requirements are (if any).
Any counsel is appreciated.
246
asked Aug 18 '16 14:08
Typically, the use of encryption that's built into the operating system—for example, when your app makes HTTPS connections using NSURLSession —is exempt from export documentation upload requirements, whereas the use of proprietary encryption is not.
HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL). This protocol secures communications by using what's known as an asymmetric public key infrastructure.
Keep in mind that this is double negation (the app uses non exempt encryption) and to Apple, HTTPS is exempt encryption.
Hypertext Transfer Protocol Secure (https) is a combination of the Hypertext Transfer Protocol (HTTP) with the Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocol. TLS is an authentication and security protocol widely implemented in browsers and Web servers.
Disclaimer: These were my results after many rounds of emails with different export control team members, however these results are specific to our own apps and may not be applicable to others.
Short answer: Despite having an encrypted database using SQLCipher and using HTTPS for all of our data transfers, our apps Export Control Classification Number (ECCN) is "EAR99" meaning they do not need any US export license (no SNAP-R). Hit that publish button!
More details: My company employ a third-party company that specializes in classifying products that are meant to be exported. After finding that out I submitted all of our app information to them and they decided that we did not fall under the export control umbrella.
142
answered Oct 13 '22 23:10
When uploading a app to iTunes Connect it says:
If you are making use of ATS or making a call to HTTPS please note that you are required to submit a year-end self classification report to the US government
2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
