0

Would like to get some help from people who implemented encryption in their apps and already passed it to app store.

Our app uses https/SSL and AES256 encryption provided by CCCryptor along with keychain.

According to this message regarding encryption:

Apps that meet the following criteria are required to comply with French Encryption Laws/Regulations if you intend to distribute your app in France. This requirement applies to apps that use, access, implement, or incorporate: (a) any encryption algorithm that is yet to be standardized by international standard bodies such as IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, etc. or not otherwise published; or (b) standard (e.g., AES, DES, 3DES, RSA) encryption algorithm(s) instead of or in addition to accessing or using the encryption in iOS and/or Mac OS X Apple will require you to upload a copy of your approved French declaration when you submit your app to the App Store. Relevant French encryption regulations can be found at: http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=LEGITEXT000005789847&dateTexte=#LEGIARTI000006421577 http://www.ssi.gouv.fr/archive/fr/reglementation/regl_crypto.html http://www.ssi.gouv.fr/site_article195.html http://www.ssi.gouv.fr/site_article197.html

I'm having doubts on the line:

standard (e.g., AES, DES, 3DES, RSA) encryption algorithm(s) instead of or in addition to accessing or using the encryption in iOS

From what I researched, CCCryptor is an open source class made by apple so surely it should already be the encryption in iOS but according to this Related stackoverflow post who also uses CCCryptor, someone answered being required to apply for french import declaration.

So to our lads who already passed this problem, do we need to apply for the french import declaration?

Community
  • 1
  • 1
Bryan P
  • 4,142
  • 5
  • 41
  • 60
  • 1
    I'm voting to close this question as off-topic because it's not a programming question, it's an App Store requirement question. –  Jan 27 '16 at 03:30
  • Ok, I'm sorry, may I ask where to ask this kind of question? So that I can go to the right site to post it? I still have to ask about the forms needed for the application of the french import declaration which I can't find. – Bryan P Jan 27 '16 at 08:07

1 Answers1

2

Your question is answered in the iTunes FAQ. Specifically see:

https://itunespartner.apple.com/en/apps/faq/Managing%20Your%20Apps_Trade%20Compliance

See the "What do I need to know to answer each export compliance questions accurately?" question.

Further down are a series of scenarios. The 1st seems to apply to your question:

Sample Scenarios

Scenario 1: An app uses or accesses only encryption algorithms provided in iOS or Mac OS for its security features

-- Only US Encryption Registration (ERN) will be required (even if the app is distributed in France)

But ultimately you need to make your own decision based on your app and the rules. I am not a lawyer. I am simply pointing out Apple's FAQ on the matter.

Community
  • 1
  • 1
rmaddy
  • 314,917
  • 42
  • 532
  • 579
  • Thanks for pointing that out, what I'm unsure about is if the line "encryption algorithms provided in iOS" is also the same as the encryptions that CommonCrypto framework provides or specifically what CCCryptor provides. – Bryan P Jan 27 '16 at 07:58
  • Common Crypto and thus CCCryptor which is a part of Common Crypto is provided by Apple as part of Security.framework. – zaph Jan 27 '16 at 13:45
  • 1
    @BryanPosas Yes, that's why I pointed out Scenario 1. The libraries you mention are provided by iOS. – rmaddy Jan 27 '16 at 14:51