Home / IOS Development / ios – (Always) report to US authorities when using encryption to authenticate users?

ios – (Always) report to US authorities when using encryption to authenticate users?

This may not be a direct code question, but it is a question that often comes up in SO, and I think it is very useful to read.

App Store ̵

1; Help to respond to “Non-compliance” (using Expo + Firebase)

Does my application contain encryption?

ITSAppUsesNonExemptEncryption export compliance during internal testing?

I do not live in the United States and therefore do not navigate freely in their legal system or keep up to date with changes. However, using US products and platforms such as the Apple App Store means that I must comply with national rules and guidelines.

It’s this one thing about encryption compliance when I post to the app store. It always asks me if I use encryption. The answer is yes – since download as OTA updates is https. The SO questions are often so yes to the first and no to the rest if https is the only encryption used.

BUT what if you use encryption to authenticate a user. Then it seems as if there must be yes to encryption and yes to this question:

Does your app qualify for any of the exceptions provided in Category 5, Part 2 of the US Export Administration Regulations ?.

enter image description here

Here’s what I do not get. If this is the case for US compatible mobile apps – I have to report to US authorities if I deploy a site that does exactly the same type of authentication logic

There is a lot of great material on how to build a good authentication system – but have never come across a mention of

“BTW ☝️ do not forget to report to US authorities that you authenticate your users with encryption”

Source link