iPhone In app purchases and Encryption export restrictions

Question

When an application is being submitted to the Apple App store, I need to choose whether the app implements cryptography or not.

My application itself does not use any cryptography, BUT it has In app purchase feature, i.e. the users can download additional paid content.

I still didn't drill much into the in app purchase details, but I can imaging that making a purchase online is done at least trough a secure connection, thus effectively using a cryptography for communication over a secure channel.

My question is: Are then all iPhone apps having in app purchases automatically having to check "yes" on the question about cryptography in the iTuness submit process?

Answer 1

As I understand from a good research during the day, all code delivered with the iPhone OS as part of the SDK is not to be considered as part of the app, thus cryptography implemented in the SDK as the CCCrypt or the Store Kit is dejure not a part of my application.

Answer is : In app purchases do not account as "cryptography included in the app"

Answer 2

I wouldn't be so sure about this one unfortunately. I had a similar situation recently where I was using HTTPS (SSL/TLS) (with the built-in iPhone libraries - I wasn't doing anything explicitly related to encryption myself - and Apple told me I needed to get CCATS approval for this.

I suggest contacting Apple to check this. They have a very helpful export compliance team who can let you know what to do.