I have an application currently in the store which at one point involves displaying a modal UIWebView. The webview displays a specific webpage on which the user logs in, makes some selections, and then once they are finished the webview is dismissed. The login webpage is located at a https location.
I have read in a few places that using SSL means I probably need to fill in a CCATS and get my app passed for export compliance, but I assume this is not the case when using a UIWebView. If this was the case, then surely any app that includes a browser would need to pass export compliance?
I am considering removing the UIWebView for a nicer user experience, but I'm expecting that as I will be using SSL for authentication as well as any further interactions within the website, it will require filling in a CCATS.
So, I guess my questions are:
Am I correct that in it's current version, my app does not require export compliance
Is what I am doing with the UIWebView/webpage currently secure, assuming the actual website itself is secure?
If I choose to remove the UIWebView and do the SSL interactions myself, am I likely to need to fill in a CCATS?