If I use the Dropbox API in my iOS app
- does this require me to declare at submission time that I have encryption in my App?
- If so is this a big amount of frak for a solo developer, legal & paperwork wise?
views:
89answers:
3
A:
If you answer yes to the encryption question, the next question is whether you use it for anything other than authentication.
If you only use it for authentication you can answer no to this second question and that will be the end of it.
If you use encryption for encrypting other things in your app like data that will be transmitted over the network, then this you must declare and will require some more explicit documentation.
Jasarien
2010-09-12 22:08:40
Thanks. Ill contact the dropbox team directly and see if they know explicitly for their API what the answer is. But all useful info.
Warren Burton
2010-09-13 07:24:57
The Dropbox crew replied that they didn't know whether an encryption disclosure was required. However the transport layer is only garden variety HTTPS so probably not an issue.
Warren Burton
2010-09-26 16:22:35
+1
A:
According to http://stackoverflow.com/questions/2128927/, using SSL counts as "containing encryption". This interpretation is a dangerous one:
- A UIWebView "contains encryption".
- An app that stores anything in the keychain "contains encryption".
- An app that protects files by setting NSFileProtectionKey=NSFileProtectionComplete "contains encryption"
- Anything that uses IPsec "contains encryption".
There are loads of things in your app that might, at some level, involve encryption, and there are no warnings in the API docs. But Apple chose to use the wording "contains encryption", not "uses encryption".
Personally, as long as your code doesn't choose an algorithm/key size, it's not possible to precisely answer questions about the alogrithms it "contains" (which the forms ask you for), so a reasonable interpretation is that simply using HTTPS doesn't mean your app "contains encryption". But I'm not a lawyer.
tc.
2010-09-13 01:29:30