I was going to submit an update to my app on Mac App Store today. Never thought about encryption as a “special case” until now.
When I choose “Ready to upload binary” Apple asks me If I’ve implemented any encryption in my app since the last update.
The thing is I HAVE added encryption for one feature.
There’s a “Contact us ” feature that allows the user to send us an e-mail.
This feature actually calls a PHP script on our server that in turn does the actual sending of the email.
This PHP script receives the “data” for the email in an AES encrypted parameter and decrypts it to populate the e-mail.
The information is NOT STORED anywhere in it’s encrypted form.
[quote=70494:@Horst Jehle]I have an App in MAS that has a encrypted Database and use the keystore. I have answered “Yes” to the encrption question in MAS. The application was released without any question from Apple.
Show iTAN in AppStore.[/quote]
Okay, that sounds promising
I did find the “Flowchart” that would determine if my app is controlled or not.
I’ve gotten down to “Part” 3: Is the product described by Note 4?" But I don’t really know what “Note 4” is…
I think this means that you not export encryption outside USA. You can store encryption data on a server in USA for a App in the US AppStore. But a App in USA should not store encryption data on a server in Irland etc. for example.
That was my understanding in 2012 for a iPhone App that save data with a very simple encryption on Dropbox. I mean a I sayed no and the app is in the store. I see that is a little bit scary.
This app does not store any encrypted data anywhere. It only transfers some data in an encrypted form to a PHP script on our server here in Sweden. This PHP script does not store it either, only decrypts it.
Found “Note 4”. If my app meets all these requirements it would NOT be controlled under EAR.
Can’t make it out though. Anyone knowledgeable about this stuff?
As stated above the app doesn’t store anything. Only sends it to a script.