Hello,
I am developing a password manager app using Swift.
As the data need to be secured, I am planning to encrypt the attached realm database
using AES-256+SHA2 encryption method.
What are the prerequisites to publish this kind of app on the app store ?
If publishment with encryption has difficults, can I publish this kind of app with sensible data without encryption ?
Thank you for your answer.
It's complicated and explained here (among other places):
h ttps://www.bis.doc.gov/index.php/encryption-and-export-administration-regulations-ear
You may be eligible to export encryption technology (that's what you are doing) under one of the exemptions in the law. When you submit the app you will be asked 'do you use encryption' and you will have to answer 'yes'. Then you will be asked something like 'is it not exempt from licensing requirement' and you might be able to answer 'no' (I think it's a double negative but I don't recall - it might be worded differently. The essence is, if you are not covered required to, by the law, you will not need to submit extra documents.)
I believe the purpose of the law is to prevent interparty encrypted communications that can not be viewed by government authorities - or at least to control such communications. Your use, for password encyrption, may therefore not be covered and you might be exempt.