Encryption in Mac App Store apps..?

Targets macOS
1

I was going to submit an update to my app on Mac App Store today. Never thought about encryption as a “special case” until now.
When I choose “Ready to upload binary” Apple asks me If I’ve implemented any encryption in my app since the last update.

The thing is I HAVE added encryption for one feature.
There’s a “Contact us…” feature that allows the user to send us an e-mail.
This feature actually calls a PHP script on our server that in turn does the actual sending of the email.
This PHP script receives the “data” for the email in an AES encrypted parameter and decrypts it to populate the e-mail.
The information is NOT STORED anywhere in it’s encrypted form.

Does this require me to answer “Yes” on Apples question? I would guess so?…
Apple gives this link to read: http://www.bis.doc.gov/index.php/policy-guidance/encryption

Any help here is greatly appreciated!
Don’t really know where to begin… :slight_smile:

2

I have an App in MAS that has a encrypted Database and use the keystore. I have answered “Yes” to the encrption question in MAS. The application was released without any question from Apple.

Show iTAN in AppStore.

3

[quote=70494:@Horst Jehle]I have an App in MAS that has a encrypted Database and use the keystore. I have answered “Yes” to the encrption question in MAS. The application was released without any question from Apple.

Show iTAN in AppStore.[/quote]
Okay, that sounds promising :slight_smile:
I did find the “Flowchart” that would determine if my app is controlled or not.
I’ve gotten down to “Part” 3: Is the product described by Note 4?" But I don’t really know what “Note 4” is…:confused:

4

I think this means that you not export encryption outside USA. You can store encryption data on a server in USA for a App in the US AppStore. But a App in USA should not store encryption data on a server in Irland etc. for example.

That was my understanding in 2012 for a iPhone App that save data with a very simple encryption on Dropbox. I mean a I sayed no and the app is in the store. I see that is a little bit scary. :frowning:

5

Sorry, not only for a APP for US store. Your App will import to USA and USA will not that encryption export.

6

This app does not store any encrypted data anywhere. It only transfers some data in an encrypted form to a PHP script on our server here in Sweden. This PHP script does not store it either, only decrypts it.

7

Found “Note 4”. If my app meets all these requirements it would NOT be controlled under EAR.
Can’t make it out though. Anyone knowledgeable about this stuff?
As stated above the app doesn’t store anything. Only sends it to a script.

8

Well, one way out of this is to use a simple Base64 encoding instead I guess?
It’s not really sensitive data beeing sent. It’s the users name, e-mail address and his/hers message.

9

I’ll do just that. Don’t have time for this.
Thanks for your assistance guys :slight_smile:

10

Perhaps a US peoble or a lawyer can say more about this better. ;-).

I do things and I make that flexible and Apple can say yes or no ;-). Who have the time for check everything? :wink: