Export Compliance and AES256 in iPhone

5
votes

My application using AES256 algorithm to encrypt data. When i am ready to submit my app to App store , its asking

Export laws require that products containing encryption be properly authorized for export.

Does your product contain encryption or does it use or access encryption from another source, e.g., iOS or Mac OS X?

When i submitted apps with Sha1 previous time, i opted No.My app contain, use or access encryption for any purpose other than authentication or anti-virus protection. What am supposed to do if my app contains AES256 algorithm.

2
iosiphoneapp-store-connect
One wild guess is that Apple won't answer this question because it is a legal question, and they can't give you legal advice. You may need to get your own legal advice in your jurisdiction about whether your app requires CCATS reporting. - hotpaw2

2 Answers

1
votes

It depends on the use you give to that encryption in your app, in my case i was using aes to make a secure http call and I didn't need to authorize it for export, so if your last time you didn't need to authorize, I guess you don't need to do it know (if you are giving encryption the same use in both case)

1
votes

It is correct that your use of encryption matters, but you can still start with the Bureau of Industry and Security web site or call the BIS help desk at 202-482-0707 and get some advice.

In general, using AES to secure http traffic is considered using encryption, so a person has to dig deeper.