Export Compliance in the App Store & Play Store
Posted on 18. June 2021 by Jan Bunk
Apple and Google, which own the most popular app stores, are american companies. As they allow users from other countries than the USA to download your app, they are by law exporting the app.
To protect your users and to comply with Apple's guidelines, your app uses encryption. Specifically, it uses the 'HTTPS' protocol, which you might know from your own website. It enables encrypted communication with websites and should be used wherever possible for security reasons.
Even though it sounds weird, these two aspects together mean that Apple and Google are exporting encryption technology for you.
Export Compliance Dialog
After you select a build in App Store Connect, it might ask you questions about your app and export compliance. Please pick the following options in the export compliance dialog:
- Does your app use encryption? Yes
- Does your app qualify for any exemptions? Yes
From our research these are the correct answers when the app uses no special encryption aside from HTTPS.
Consequences
We have found conflicting information on this topic, but Apple says you will need to submit a year-end self classification report to the US government. Failing to report the encryption correctly might lead to the termination of your Apple developer account. However I am not sure whether this has ever happened before and if Apple is in regular communication with the Bureau of Industry and Security about every app. In theory, every app on Apple's and Google's store that uses the internet would have to report to them. This would result in around 4 million emails to them every february.
I can't provide any legal advice or guarantee for any of the information on this topic, it's just my understanding of the situation.
Further reading & sources
- Apple Export Regulations on Cryptography
- How other app developers handle export compliance
- Bureau of Industry and Security: Annual Self Classification
- More explanations from someone regularly submitting the report.
He also provides a template row of the CSV file (can be created in spreadsheet programs) to send to the BIS:
App name, App SKU (Under App Information in App Store Connect), SELF, 5D992.c, MMKT, Mobility and mobile applications n.e.s., Your name, Your phone number, Your email, Your address, no, n/a
- Apple Developer Forum
Related Articles
Just like you might analyze your website visitors' behaviour, you can do the same for your app users. View app download statistics and filter out app users in your website analytics tool.
How to generate keys & keystores and use them to sign your app bundle. Afterwards verify it and upload it to the Play Console.
Granting us Access to Your Google Developer Account for Support
Developer accounts are needed to publish your app. Find out how you can grant us access to yours in case you want us to help you with something.
Jan Bunk
Hi, I'm Jan! I created webtoapp.design in 2019 while studying computer science in university. A lot has changed since then - not only have I graduated, but it's also no longer just me running webtoapp.design. We've grown to a global, fully remote team and have gathered lots of experience around app development and app publishing. We've created and published hundreds of apps in the app stores, where they've been downloaded millions of times.