Suddenly being asked for export compliance, even with ITSAppUsesNonExemptEncryption set to NO

Hello everyone,

I've encountered an issue with export compliance on App Store Connect that I haven't seen before.

In my Info.plist, I have always set the ITSAppUsesNonExemptEncryption key (formerly App Uses Non-Exempt Encryption) to NO. In the past, this was sufficient to bypass the export compliance questions when submitting a build.

However, with my most recent submission, I am now being prompted to answer these questions. Nothing has changed in my app's encryption usage.

Has there been a recent change in policy or a system-wide issue that would cause this change in behavior? Is anyone else experiencing this?

Thank you for your help.

Welcome to the forum.

It likely just means they want to have your explicit commitment (not only automatic from metadata) that the app does not use encryption.

I guess that if you set ITSAppUsesNonExemptEncryption to YES and declare you don't use it, there would be an alert or a rejection.

I've not identified any issue with it otherwise.

What conditions trigger export compliance questions when ITSAppUsesNonExemptEncryption is NO?

Hello,

I'm trying to understand the specific conditions that require an app to answer export compliance questions, even when ITSAppUsesNonExemptEncryption is explicitly set to NO in the Info.plist.

My understanding is that setting this key to NO should bypass the compliance step, but it seems there are exceptions.

For instance, could any of the following override this setting?

  • Using certain third-party SDKs that might have their own encryption.
  • The presence of specific Apple frameworks like CryptoKit or CommonCrypto, even if not used for non-exempt purposes.
  • Standard HTTPS calls made through WKWebView.
  • A temporary bug or caching issue in App Store Connect.

I am looking for a definitive list of conditions or official documentation on these exceptions. What are the known triggers that force a compliance review regardless of the Info.plist setting?

could any of the following override this setting?

My understanding is:

  • Using certain third-party SDKs that might have their own encryption. -> YES
  • The presence of specific Apple frameworks like CryptoKit or CommonCrypto, even if not used for non-exempt purposes. -> YES
  • Standard HTTPS calls made through WKWebView. -> NO
  • A temporary bug or caching issue in App Store Connect. -> Always possible, but unlikely.