tags:

views:

1099

answers:

2
+1  Q: 

Using SSL in an iPhone App - Export Compliance

Hi,

This question isn't strictly development-related but I hope it's still acceptable :)

I'm looking at creating an iPhone app that will communicate with a REST Web service. Because some user-sensitive data (name, address, age, etc) will be transmitted I'm looking at securing the connections with SSL.

However, on my previous escapades into App Store submission, I saw that the first question I get asked is "Does your application use encryption?", and depending on the answer to this and other follow-up questions, may require US export compliance.

My company is not based in the US, nor do we have a US office.

Has anyone else submitted an app using SSL for this sort of purpose - and if so did you need to do anything to get permission to use it, either from Apple or from the US government?

Thanks in advance,

John

A: 

I strongly agree with Michael; if you did not write any encryption code, you're fine. You are using the libraries which were provided by the iPhone OS.

Alan D.  2010-02-06 22:42:31
Just because it makes sense to us from a logical perspective doesn't mean the government agrees. Best to ask Apple or the U.S. BIS (http://www.bis.doc.gov/).
Steve Madsen  2010-03-13 19:14:42
Agreeing strongly doesn't make your answer more credible. This is also now covered in the export compliance FAQs on the iTunes Connect website. If you use any encryption technology in your app, whether provided by Apple via iOS or not, you still have to submit a CCATS application.
Ben Collins  2010-09-13 18:07:46
+4  A: 

Hi all, Thanks for the info. I actually went back to Apple and it turns out that any application using SSL does need approval (unfortunately). There are apparently some exceptions, such as if the application uses SSL only for a single payment transaction.

There's more information on this here: http://www.zetetic.net/blog/2009/08/03/mass-market-encryption-commodity-classification-for-iphone-applications-in-8-easy-steps/

and here: http://blog.theanimail.com/iphone-encryption-export-compliance-for-apps

Good luck to anyone else in a similar position - I'm off to start writing a CCATS application...

John

John  2010-02-07 23:17:32

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode