If you see a "Missing Compliance" warning while uploading your builds to App Store Connect, you are not alone in being frustrated. But there is an easy solution that saves time and smooths the submission process.
Quick Solution to the Warning:
If your existing app doesn't use non-exempt encryption, you can fix it by adding the ITSAppUsesNonExemptEncryption key to the app's Info.plist file in Xcode:
```xml
<key>ITSAppUsesNonExemptEncryption</key>
<false/>
```
This tells Apple that your app does not use encryption that requires additional export compliance measures. Upload your next build, and the warning disappears.
What Is "App Uses Non-Exempt Encryption"?
The ITSAppUsesNonExemptEncryption key declares whether or not your app uses encryption that is covered by U.S. export compliance regulations.
Non-Exempt Encryption in iOS
Non-exempt encryption refers to encryption that does not fall under an exemption from regulatory review. It could include:
- Securing user data
- Protecting the operation between servers and clients
- Enabling features like VPNs, secure storage, or cryptographic APIs
If your app does any of this, the submission process will include additional steps.
Why Is This Declaration Important?
Apple requires this declaration to adhere to U.S. government export regulations. The two scenarios work as follows:
If Your App Doesn't Use Non-Exempt Encryption:
Adding ITSAppUsesNonExemptEncryption set to NO in your Info.plist file helps avoid unnecessary compliance reviews and warnings in App Store Connect.
If Your App Uses Non-Exempt Encryption:
In this case, you will need to provide export compliance information while submitting, as mentioned below.
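A pre-upload check for the declaration described above, as an added example that is not part of the original post: it parses an Info.plist with Python's plistlib and reports whether the key is absent, set to NO, or set to YES. The status names, the `_plist` helper and the sample plists are constructed for illustration.

```python
import plistlib
import sys
from xml.parsers.expat import ExpatError

KEY = "ITSAppUsesNonExemptEncryption"

def check_export_compliance(plist_bytes):
    """Return 'declared-no', 'declared-yes', 'missing', 'wrong-type' or 'unreadable'."""
    try:
        info = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    except (plistlib.InvalidFileException, ExpatError):
        return "unreadable"
    if not isinstance(info, dict):
        return "unreadable"   # an Info.plist root must be a dictionary
    if KEY not in info:
        return "missing"      # no declaration in the build
    value = info[KEY]
    if not isinstance(value, bool):
        return "wrong-type"   # e.g. <string>NO</string>; the key is documented as a Boolean
    return "declared-yes" if value else "declared-no"

def _plist(body):
    # Constructed sample Info.plist, not taken from a real app.
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<plist version="1.0"><dict>\n'
        '<key>CFBundleIdentifier</key><string>com.example.demo</string>\n'
        + body + '\n</dict></plist>\n'
    ).encode()

SAMPLES = {
    "no": _plist("<key>%s</key><false/>" % KEY),
    "yes": _plist("<key>%s</key><true/>" % KEY),
    "absent": _plist(""),
    "string": _plist("<key>%s</key><string>NO</string>" % KEY),
}

if __name__ == "__main__":
    # Usage: python check_plist.py path/to/Info.plist [...]
    failed = False
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            status = check_export_compliance(fh.read())
        print(f"{path}: {status}")
        failed |= status in ("missing", "wrong-type", "unreadable")
    sys.exit(1 if failed else 0)
```

Run in CI before archiving, a non-zero exit flags a build that carries no usable declaration; `declared-yes` passes the check but still means the export compliance steps below apply.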
What to Provide If You Use Non-Exempt Encryption
If you have an application using non-exempt encryption, you will need to:
- Answer the export compliance questions for the application: Declare "Yes" during App Store submission when asked about encryption.
- Register for encryption compliance: You may need to register your app with the U.S. Bureau of Industry and Security (BIS) and to obtain a Commodity Classification Automated Tracking System (CCATS) number, if applicable.
- Submit Detailed Encryption Information: Prepare and submit the following details: encryption types (e.g., symmetric or asymmetric), purpose (e.g., securing communications and protecting data), algorithms and key lengths (e.g., AES-256, RSA), scope of encryption (local storage, data in transit), and the Export Control Classification Number (ECCN), if available.
- Documentation for Non-Exempt Encryption: If applicable, submit a detailed description of your app's encryption functionality and proof of BIS registration or a CCATS number.
- Allow Additional Review Extensions: Apple may forward your encryption details to the U.S. government for review, which may increase the approval time of your app.
Common Reasons for "YES"
- Custom Encryption: Proprietary algorithms used in your app.
- Cryptographic APIs: Use of low-level cryptographic APIs.
- Security Features: Apps that provide end-to-end encryption, blockchain wallets, or VPN functionality.
Follow these steps to make sure your application complies with export regulations and goes through Apple's review process without delay.
Set ITSAppUsesNonExemptEncryption to the value that matches your app, and save yourself unnecessary compliance trouble in your next App Store submission!
Reference:
https://developer.apple.com/documentation/security/complying-with-encryption-export-regulations