Does my app use non exempt encryption?

Hi,

I have implemented a React Native (Expo) serverless (microservice architecture) app which connects to Firebase (Firestore, Callable Cloud Functions, Storage Bucket) from the client side.

Also, from my Cloud Functions, I perform queries to other third-parties like Azure, Spotify, Google Maps, Google Vision, Google Translation, and GIPHY.

In my app I have a chat system, protected with Firestore and Storage Security Rules, without any kind of encryption we can see on Telegram, WhatsApp...

What should I answer to this question? Yes or No?

I would either:

  • contact Firebase (or ask on their forum)

or

  • answer NO and explain why you answered no, in the comments for reviewer section.

In years past, the answer to this was no. Admins had access to chats. For details, there's a StackOverflow 2018 thread entitled "End to end encryption with Firestore" with some background.

More generally, if you're not prepared to be subpoenaed into some court or committee somewhere to defend your answer and your implementation should things go sideways, then "no" is the safest answer. That, or check with your local legal staff, if you have one.

Rather than Telegram or WhatsApp, Signal would likely be the most likely comparison. Telegram didn't (and may still not) default to encrypted 1:1 chats, unless the user selected the "secure chat" setting.

See page 177 and following for Apple's answer for iMessage, and the considerations cited by Apple: https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf
