'App Store - Help answering "Missing Compliance" (using Expo + Firebase)

I'm publishing my app to App Store and I have doubts regarding the "Missing Compliance" step.

screenshot apple store UI

Here's some info about the app:

  • I used Expo (Managed workflow). That means I don't have direct access to Xcode.
  • It's a simple 2D video game, free, with Expo ADMob. You can pay to remove Ads.
  • It requests a camera and library permission (to take a picture if the player wants). No Notifications, or any other extra thing.
  • It uses Firebase (Database, Storage, and Analytics) and Sentry. (for HTTPS connections)
  • I didn't manually include any "encryption" custom thing (that I'm aware of)
  • I'm publishing the App from Portugal, Europe. I plan to publish it worldwide, if possible.
  1. Does your app use encryption? I didn't code anything related to it... but I assume I should say yes, right?

step 1: encryption

  1. Does your app qualify for any of the exemptions provided in Category 5, Part 2 of the U.S. Export Administration Regulations?. My app is a simple JS video game, with MobAds. Should I say yes or no?

step 2: exemptions category 5

  1. Does your app implement any encryption algorithms that are proprietary or not accepted as standards by international standard bodies (IEEE, IETF, ITU, etc.)? I did say no... is it right?

step 3 - encryptions algorithms

  1. Does your app implement any standard encryption algorithms instead of, or in addition to, using or accessing the encryption within Apple’s operating system? If I say no, it shows an extra message about HTTPS. My app does use HTTPS for Firebase (Database, Storage, and Analytics) and Sentry.

4. compliance with HTTPS

  1. Finally, if I say yes, it says: Version 0.1.0 (1) cannot be tested at this time because the build does not have associated export compliance documentation. Where do I find this documentation and how can I get it? I'm from Portugal, Europe.

enter image description here

Thank you!

iosreact-nativeencryptionexpoapp-store-connect


Solution 1:[1]

Question 1:

Reply YES as you use HTTPS encryption for connections

Question 2:

For what you said about your app the reply is NO. In brief you don't use any function inside your app that use a custom cryptography or it's strictly medical app. The encryption that you use it's only for data passing from app to server, nothing inside your app is encrypted (app or a part/module of app is not encrypted).

Question 3:

No you don't use a custom crypt algorithm. That is usually used for bank app data inside the app.

Question 4:

Say NO. The US rules give an exception for apps with only HTTPS calls (that is what you do). Read here for a full explanation:

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Nayan Dave

Related Questions

How to make html file encrypted?

Difference result by using sign and verify for signature

Invalid argument(s): Input buffer too short AND Invalid or corrupted pad block

Extract metadata info and Validate digital signature from PDF file using Python

How to convert hexadecimal string to an array of UInt8 bytes in Swift?

file is encrypted or is not a database: , while compiling: select count(*) from sqlite_master;

Getting Started with crypto++ decryption with AES

Create compatible Java "RSA" signature using a PKCS#8 encoded private key

Is there any difference, if I init AES cipher, with and without IvParameterSpec

Flutter - How to decrypt a RSA private key encrypted string if we have RSA public key with us?

Asp.net core, "asn1 encoding routines:asn1_d2i_read_bio:not enough data" error for certificate

How to securely store a user password in java for reuse throughout application

How to store password field in oracle 11g database in encrypted form?

How to store password field in oracle 11g database in encrypted form?

CryptoJS - Decrypt an encrypted file