Using SSL in an iPhone App

2018-06-09 05:37:41

I'm looking at creating an iPhone app that will communicate with a REST Web service. Because some user-sensitive data (name, address, age, etc) will be transmitted, I'm looking at securing the connections with SSL.

However, on my previous escapades into App Store submission, I saw that the first question I get asked is "Does your application use encryption?" and depending on the answer to this and other follow-up questions, may require US export compliance.

My company is not based in the US, nor do we have a US office.

Has anyone else submitted an app using SSL for this sort of purpose? If so, did you need to do anything to get permission to use it, either from Apple or from the US government?

Update as of 20th September 2016

ERN's are no longer required, so it seems many apps will no longer need to register with the US government. (Though you may still need to file a bi-annual Supp. No. 8 to Part 742 report.) http://www.bis.doc.gov/InformationSecurity2016-updates

(Thanks to @EugenioDeHoyos and @user3562927 for pointing this out!)

French Government registration is still required to sell in France.

The iTunes Connect FAQs have been updated to cover this change and are the most readable reference I've found.

Old Answer

The process has changed, as of Summer 2010, and you (probably) need an ERN now, not a CCATS as was necessary at the time John wrote his answer.

See Apple iTunes export restrictions on apps. The iTunes connect faq also contains a lot of useful information on export compliance.

There are also now restrictions that apply to distributing apps with encryption on the French app store - see the itunes connect FAQ and the French Export Compliance thread on the devforums.

I actually went back to Apple and it turns out that any application using SSL does need approval (unfortunately). There are apparently some exceptions, such as if the application uses SSL only for a single payment transaction.

There is more information in Mass Market Encryption CCATS Commodity Classification for iPhone Applications in 8 Easy Steps and iPhone Encryption Export Compliance for Apps making HTTPS (TLS) Connections.

All these answers are obsolete as of September 20th, 2016. I just got off the phone with the SNAP-R folks (government), and they said that new legislation landed on September 20th. The new regulation removes the requirement to register your app simply because it uses encryption.

I described my app (a game) to them, and they said it's an "EAR-99", which means that I don't have to register. It's likely that Apple is about to update their website. But in the meantime, if you're trying to go through this process because you use SSL/HTTPS, just stop now. You won't even be successful in filling out the forms, because they have changed significantly.

链接地址: http://www.djcxy.com/p/27736.html

上一篇: 我的应用程序是否“包含加密”？

下一篇: 在iPhone应用程序中使用SSL