TIP : Apple Store and Encryption Laws

The last few apps (iOS/AppleTV) I submitted required that I verify that the app did not involve any data encryption techniques…

There is a pList entry you can make to auto-answer this so you aren’t held up each time you submit an update

    <key>ITSAppUsesNonExemptEncryption</key>
    <false/>

Great tip and thanks @DaveS!

Thanks for the tip.
I’m definitively never going to use the Mac App Store.
How may one make, say, password-protected documents without encrypting the contained texts?

If you use the crypto tools built into the Mac, this is allowed.

I recall this is not actually Apple’s rule, it’s a US Government rule where certain encryption methods are illegal or require authorization from the US government to use in a product. It’s a fairly old rule.

It’s not a matter of allowed or not allowed. It’s a matter of are you or are you not
If you are not (which the entry says you are not), then it’s not a big deal.
If you ARE, then Apple requires more information/explanation before it can approve your app.

So, if an app needs encrypting anyway, can we deliver apps that don’t target USA in the App Store? (not saying I don’t want to make apps for there, but just for this case)

If you use the Crypto built into the macOS, you have nothing to worry about.

I get this, but with the time I’ve spent in making my own archive format, I’m not ready to give up on it.
Well, the App Store is too restrictive in too many areas anyway. I hardly understand why it’s even considered as a good way to deliver applications.

Curious: when does ‘binary file format that is undocumented’ become ‘proprietary encryption’?

What does that have to do with data encryption? This whole topic has to do with if your app deals with encrypted DATA either stored or transmitted, using any proprietary encryption method. This is a restriction created by the United States Federal Government, not by Apple. It has nothing to do with how you store your source code on your own system.

what does that have to do with data encryption<<

I’m talking about data, not source code.

If you choose to store (from your app) data that could have been text, but zipped, reversed, and XOR-ed with (say) 118, it’s pretty effectively encrypted.
And just as unreadable as an SHA-256 encrypted file, unless you know what was done to create it, even though it’s not using any fancy libraries or secret algorithms.

Even a compressed bitmap is pretty unintelligible unless you know the algorithm used to compress it.

That requires you familiarize yourself with the US Encryption laws … all I was doing was providing a method to not have to answer the question every time you deployed if in fact you did not use it.

And that’s why I asked if you can deliver for selected countries only, basically avoiding countries that have these “encryption laws”.

I don’t think so, because Apple is a U.S. company.

Ah, ok. It works like that. Thanks for your answer.

So, basically, if you live in the USA, you have to follow the USA laws and if you’re elsewhere, you have to follow both the USA laws and your own country laws (and perhaps additional international laws in both cases).
Is this not unfair for “us”, outside of the USA?

In terms of the App Store, it’s because they’re based in the US.

Yes, understood.
But then I’d assume you must apply laws of the countries you’re selling in.
If you don’t sell for your own country, do you have to follow its laws?

The same way developers and companies in the US have to follow GDPR…