Using CryptoSwift and US Export Law

[gloparco]

Hey Marcin, great work on this framework!

I hope this isn't too off-topic. I thought it would be a good place to ask such a question, in case there are others like me who are interested in using CrytoSwift but have not yet released an app using it to the App Store.

Could you tell us if the usage of CryptoSwift would require app developers to answer "yes" to the App Store "US export compliance question" for encryption? I assume it would. Also, do you know if there would also be issues with submitting the app in France because of their laws?

For those who may be wondering what I am talking about, here is a pretty good rundown of the steps involved in submitting an app that required US compliance:

http://iphonedevsdk.com/forum/business-legal-app-store/120048-apple-and-cryptographic-export-certification-steps-to-follow.html

[fabulouspanda]

I think the answer is "yes", unless "your app uses, accesses, implements or incorporates encryption for authentication only"

So if you can describe your usage as for authentication only, I'd say the answer is "no"

[bordplate]

I'm currently going through this process, explained in https://pupeno.com/2015/12/15/legally-submit-app-apples-app-store-uses-encryption-obtain-ern/

Better safe than sorry.
EDIT: Did not realize this was such an old issue. But I guess the link can stay for others looking for the same thing.

[xslim]

If you answer Yes, there might be another question - "Are you using it for Payments" - if you answer Yes to that one, then no other questions are asked.
PS I'm using custom encryption (AES-CCM) in the payment App.

[sandipdhagdi]

I am going through same issue, I am using Only SHA algorithm from this pod for sending Hashed mobile numbers to server, Still do I need to Say yes to encryption while submitting app.
Please help

[krzyzanowskim]

@sandipdhagdi IMHO SHA is not really encryption in the sense that it does not encrypt data.

[krzyzanowskim]

There is an update to the rules, described in details here:
https://medium.com/@cossacklabs/apple-export-regulations-on-crypto-6306380682e1

“The source code of your app is “publicly available,” your app is distributed free of cost to the general public, and you have met the notification requirements provided under 740.13.(e).

In order for your app to qualify for TSU, as detailed in 740.13(e)1, the entire source code and the object file has to be open source, your app must be distributed free of charge to your customers, and you must provide the U.S. government the location of your source code.”

In all instances, submit the notification or copy to [email protected] and to [email protected].

[skyfoxa]

Does your app implement any standard encryption algorithms instead of, or in addition to, using or accessing the encryption within Apple’s operating system?

I'm using AES GCM from CryptoSwift and I'm not sure what to answer here. I'd say NO because it seems that CryptSwift is build upon Apple's standard encryption algorithms. Can you confirm?