Getting this message after successfully uploaded the app in the TestFlight "Export Compliance Information Does your app use encryption? Select Yes even if your app only uses the standard encryption within Apple's operating system"

Question

Created Mar ’21

Replies 12

Boosts 0

Views 11k

Participants 3

Getting Yes or No after clicking No, getting the following message:

It is your responsibility to comply with export regulations, and you should revisit these questions if your encryption or exemption status changes. If your encryption and exemption eligibility stay the same, specify this in the target properties table in Xcode.
App Uses Non-Exempt Encryption : No

If you are making use of ATS or making a call to HTTPS, you are required to submit a year-end self classification report to the US government.

Export laws require that products containing encryption must be properly authorized for export. Failure to comply could result in severe penalties.

In my app i am not using app any encryption but making a call to the HTTPS in the app. I'm not getting what exactly needs to be done.

Boost

Answer 1

robnotyou OP

Mar ’21

You just need to tell it "No".

In future, you can avoid this warning, by adding the relevant key to your Info.plist.

Depending on how you prefer to view your plist...

Info.plist viewed as Source Code:
<key>ITSAppUsesNonExemptEncryption</key>
<false/>

or

Info.plist viewed as Property List:
App Uses Non-Exempt Encription: NO

1

Answer 2

yash365 OP

Mar ’21

Hello @robnotyou, i am using HTTPS call in the app and it is an flutter app, so do i need to provide the necessary report will it impact the app in the future ?

0

Answer 3

robnotyou OP

Mar ’21

Accepted Answer

It doesn't matter what technology you are using... flutter or whatever, the question relates to how your app uses encyption.

Apple say: "Typically, the use of encryption that’s built into the operating system—for example, when your app makes HTTPS connections using URLSession—is exempt from export documentation upload requirements, whereas the use of proprietary encryption is not."

For a more detailed answer, you can determine if your use of encryption is considered exempt here:
https://help.apple.com/app-store-connect/#/dev63c95e436

1

Answer 4

yash365 OP

Mar ’21

Hello @robnotyou your answer is helpful. But I could not able to find that my app uses HTTPS connections using URLSession is there any to found out and the HTTPS I am using is proprietary.

0

Answer 5

robnotyou OP

Mar ’21

Perhaps you could post some further information, or include a code snippet?

0

Answer 6

Claude31 OP

Mar ’21

You first said:

i am using HTTPS call in the app

and later:

I could not able to find that my app uses HTTPS connections

That seems quite contradictory…

0

Answer 7

yash365 OP

Mar ’21

Hello @Claude31 I am that saying I could not find HTTPS connections using URLSession in the app, but i am using the HTTPS connection through plugin in flutter.

Also I given the code sample i am using in the app for reference @robnotyou @Claude31.

Code Block import 'package:http/http.dart' as http; // http plugin in flutter link :  https://pub.dev/packages/http
import 'dart:convert';
// http get method
Future<List<Sample>> getSampleData() async {
  List<Sample> list;
  String basicAuthTest = 'Basic ' +
    base64Encode(utf8.encode(
      '${username}:${password}'));
  String link = ‘https://sampleurl.com';
  var res = await http.get(
   link,
   headers: {"authorization": basicAuth},
  );
  if (res.statusCode == 200) {
   var data = json.decode(res.body);
   var rest = data["result"] as List;
  }
  return list;
 }
}

Thank you,
Regards

0

Answer 8

robnotyou OP

Mar ’21

That looks like pretty standard stuff, I don't see any problem with it.

0

Answer 9

yash365 OP

Mar ’21

Ok @robnotyou, does it exempted from export law ?

0

Answer 10

robnotyou OP

Mar ’21

It sounds like it.

0

Answer 11

yash365 OP

Mar ’21

ok, thanks for guidance.

0

Answer 12

robnotyou OP

Mar ’21

Did you finalize this?

0