https calls to Appery backend and export compliance implications for iOS apps
We are utilizing Appery backend services and calling server code within our project. All URLs for REST calls seem to be https based. During iOS app submission, Apple customarily asks about whether the "app contains encryption" and if the answer is yes (https seems to necessitate that the answer be yes - see link to iTunes FAQ below - unless one can claim exemption) there are further requirements for going through what seem to be elaborate procedure for getting export compliance from multiple government entities, even before the app can be reviewed. However there are exemptions for general "mass market" apps (please see below).
http://stackoverflow.com/questions/21...
https://itunesconnect.apple.com/WebOb...
I have the following questions:
(1) With https calls to Appery database/server code, can you please comment on whether the following specified by Apple holds for the https calls (if so, this would conveniently allow for us to get an exemption making the launch process significantly easier):
---There are several exemptions available in US export regulations under Category 5 Part 2 (Information Security & Encryption regulations) for applications and software that use, access, implement or incorporate encryption.
You can answer “YES” to the question if you meet any of the following criteria:
(iv) your app is a mass market product with key lengths not exceeding 64 bits symmetric, or if no symmetric algorithms, not exceeding 768 bits asymmetric and/or 128 bits elliptic curve.
---(2) Secondly, is there a way to convert the calls to http?
(3) Finally, since you guys routinely launch/help launch apps, your experience on above matter (simple https calls and no other encryption in an app can require export compliance?) would be really appreciated as well.
Our app is awaiting review on app store, so a prompt feedback would be much appreciated and helpful!