Using SSL in an iPhone App - Export Compliance

John picture John · Jan 24, 2010 · Viewed 44.2k times · Source

I'm looking at creating an iPhone app that will communicate with a REST Web service. Because some user-sensitive data (name, address, age, etc) will be transmitted, I'm looking at securing the connections with SSL.

However, on my previous escapades into App Store submission, I saw that the first question I get asked is "Does your application use encryption?" and depending on the answer to this and other follow-up questions, may require US export compliance.

My company is not based in the US, nor do we have a US office.

Has anyone else submitted an app using SSL for this sort of purpose? If so, did you need to do anything to get permission to use it, either from Apple or from the US government?

Answer

JosephH picture JosephH · Jan 20, 2011

Update as of 20th September 2016

ERN's are no longer required, so it seems many apps will no longer need to register with the US government. (Though you may still need to file a bi-annual Self-Classification Report Supp. No. 8 to Part 742 report.) http://www.bis.doc.gov/InformationSecurity2016-updates

(Thanks to @EugenioDeHoyos and @user3562927 for pointing this out!)

This third-party website may assist you in preparing your report: Self-Classification Report Generator (Another user added a link to it, I have not tried it myself.)

French Government registration is still required to sell in France.

The iTunes Connect FAQs have been updated to cover this change and are the most readable reference I've found.

Old Answer

The process has changed, as of Summer 2010, and you (probably) need an ERN now, not a CCATS as was necessary at the time John wrote his answer.

See Apple iTunes export restrictions on apps. The iTunes connect faq also contains a lot of useful information on export compliance.

There are also now restrictions that apply to distributing apps with encryption on the French app store - see the itunes connect FAQ and the French Export Compliance thread on the devforums.