44

I'm publishing my app to App Store and I have doubts regarding the "Missing Compliance" step.

screenshot apple store UI

Here's some info about the app:

  • I used Expo (Managed workflow). That means I don't have direct access to Xcode.
  • It's a simple 2D video game, free, with Expo ADMob. You can pay to remove Ads.
  • It requests a camera and library permission (to take a picture if the player wants). No Notifications, or any other extra thing.
  • It uses Firebase (Database, Storage, and Analytics) and Sentry. (for HTTPS connections)
  • I didn't manually include any "encryption" custom thing (that I'm aware of)
  • I'm publishing the App from Portugal, Europe. I plan to publish it worldwide, if possible.
  1. Does your app use encryption? I didn't code anything related to it... but I assume I should say yes, right?

step 1: encryption

  1. Does your app qualify for any of the exemptions provided in Category 5, Part 2 of the U.S. Export Administration Regulations?. My app is a simple JS video game, with MobAds. Should I say yes or no?

step 2: exemptions category 5

  1. Does your app implement any encryption algorithms that are proprietary or not accepted as standards by international standard bodies (IEEE, IETF, ITU, etc.)? I did say no... is it right?

step 3 - encryptions algorithms

  1. Does your app implement any standard encryption algorithms instead of, or in addition to, using or accessing the encryption within Apple’s operating system? If I say no, it shows an extra message about HTTPS. My app does use HTTPS for Firebase (Database, Storage, and Analytics) and Sentry.

4. compliance with HTTPS

  1. Finally, if I say yes, it says: Version 0.1.0 (1) cannot be tested at this time because the build does not have associated export compliance documentation. Where do I find this documentation and how can I get it? I'm from Portugal, Europe.

enter image description here

Thank you!

Improve this question
2
  • I’m voting to close this question because it is about legal issues and App Store review policies.
    – Peter O.
    Commented Nov 10, 2020 at 22:31
  • 10
    congrats peter!
    – Seamus.Reeve
    Commented Dec 10, 2021 at 17:50

3 Answers 3

Reset to default
49

Question 1:

Reply YES as you use HTTPS encryption for connections

Question 2:

For what you said about your app the reply is NO. In brief you don't use any function inside your app that use a custom cryptography or it's strictly medical app. The encryption that you use it's only for data passing from app to server, nothing inside your app is encrypted (app or a part/module of app is not encrypted).

Question 3:

No you don't use a custom crypt algorithm. That is usually used for bank app data inside the app.

Question 4:

Say NO. The US rules give an exception for apps with only HTTPS calls (that is what you do). Read here for a full explanation:

Improve this answer
1
31

For expo users, automatically answer this question by adding this to your app.json/app.config.js:

{
  "ios": {
    "config": {
      "usesNonExemptEncryption": false / true
    }
  }
}
Improve this answer
1
  • 1
    Thank you! Answering the same question on every upload to TestFlight was starting to give me mental RSI!
    – David Carboni
    Commented Jun 25 at 16:03
1

Just add this key to info.plist file:

<key>ITSAppUsesNonExemptEncryption</key>  
<false/>
Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.