prad prad - 1 month ago 30
iOS Question

Does RSA encryption affect export compliance?

I am using https://github.com/ideawu/Objective-C-RSA this library to encrypt some data using a public key.

Current live app is already using https for all calls. I am confused as to how will my answers on export compliance change on version update?

Also, do I need to add export compliance documentation on itunes connect?

Additional details:


  1. I am using only encryption from the library.

  2. Then the encrypted string is sent to server. The backend server is responsible for decryption using private key.

  3. The encryption is NOT for authentication purpose. It is used send sensitive data to server


Answer

Turns out my use case was falling under the money transactions category. As per the export guidelines, this category is allowed to use cryptographic algos. All I had to do is mark "Yes" to the below questions during submission.

As per FAQ on iTunes Connect:

Does your product qualify for any exemptions provided under category 5 part 2?

(v) your app is specially designed and limited for banking use or ‘money transactions.’ The term ‘money transactions’ includes the collection and settlement of fares or credit functions.