Hi,
I'm creating an app that is nothing else than a webview with a loaded web page.
However, the URL of the website that is being loaded is secure (with https).
Does that mean that I have to seles "yes" when asked if my app uses non-exempt encryption and I have to go through the process of submitting documents to the US government?
Thank you.
From Apple's documentation on complying with encryption export restrictions:
"Typically, the use of encryption that’s built into the operating system—for example, when your app makes HTTPS connections using
URLSessionhttps://developer.apple.com/documentation/security/complying_with_encryption_export_regulations
Your bigger problem is likely to be 4.2 in the app store review guidelines: "Your app should include features, content, and UI that elevate it beyond a repackaged website."
If I understand correctly from your post and from the extended documentation in the website provided, I shouldn't worry about documentation uploads etc. if I only use https requests in my app.
Though the documention is really confusing, you can't really be sure about what's right and what's not.
By the way, my App is already approved, the website loaded is an web app that works just like an app and has plenty of features.
You use encryption (https). Your use of https encryption is exempt, or, more precisiely, it is not a not-exempt use. More recently regulations actually require you to submit documentation for exempt https encryption - but many many developers are ignoring that requirement and nothing seems to be happening.
When you submit the app you will be asked two questions. I do not recall the exact yes/no but you will answer the first question in a way that causes you to be presented with the second question. (e.g. 'yes' I use encryption but 'yes' it is exempt' or 'yes' I use encryption but 'no' it is not 'non-exempt').
You can also do this through an info.plist entry as described here:
I do not recommend the plist approach for a very nuanced reason. Action A - Answering the two questions honestly and then failing to submit a report is IMHO argueably a minor disgression. Action B- Answering the first question falsely to avoid the second question may not be a minor transgression. Using the plist approach and failing to submit the report may argueably be interpreted as pursuing Action B rather than Action A.