1 Reply
      Latest reply on Aug 11, 2019 3:21 PM by PBK
      michaelderiso14 Level 1 Level 1 (0 points)

        I am ready to submit my app for beta testing. I uploaded the build to App Store Connect, however, I'm unsure about providing a Missing Complance. I use Firebase for Phone Authentication, Crashlytics, and Cloud Firestore in my app. Does that use HTTPS or SSL encryption that I should "Yes" to that question. Or should I say "No" to that question?


        Thank you.

        • Re: What should I select for "Export Compliance"?
          PBK Level 7 Level 7 (3,195 points)

          If you access any https website then you are using https.

          You can always assume you are using encryption somewhere and say 'yes' to that question and then say you are exempt from the regulations in the next question.

          • Re: What should I select for "Export Compliance"?
            KMT Level 9 Level 9 (14,505 points)

            Nothing about your app falls under the auspices of US export restrictions.  Read what Apple has to say about your options, and resist being (further) confused by casual/anecdotes you may encounter in the process.


            Quoting the docs (emphasis mine):


            Complying with Encryption Export Regulations



            Every time you submit a new version of your app, App Store Connect asks you questions to guide you through a compliance review. You can bypass these questions and streamline the submission process by providing the required information in your app’s Information Property List file.


            Declare Your App’s Use of Encryption

            Add the ITSAppUsesNonExemptEncryption key to your app’s Info.plist file with a Boolean value that indicates whether your app uses encryption. Set the value to NO if your app—including any third-party libraries it links against—doesn’t use encryption, or if it only uses forms of encryption that are exempt from export compliance documentation requirements. Otherwise, set it to YES.


            Typically, the use of encryption that’s built into the operating system—for example, when your app makes HTTPS connections using URLSession—is exempt from export documentation upload requirements, whereas the use of proprietary encryption is not. To determine whether your use of encryption is considered exempt, see Determine your export compliance requirements.



            In your example, my opinion is that you should answer 'no', but as outlined above, declaring so via Info.plist allows you to bypass that question all together. Don't complicate the process otherwise.


            Assuming this email is still active, if you have questions related to export compliance and your app's use of encryption, please contact the App Store Export Compliance team at appstore.ec@apple.com.