Navigating Apple's encryption red tape in 2017
January 19, 2017 1:58 AM
Question for developers about your experiences submitting apps to the App Store with encryption without having Apple make a big deal of it...
I've made this low-budget chat app where users exchange messages stored on Firebase. It's all pretty secure. Except that for privacy reasons, as DB admin, I'd like it if I could open up the console without seeing people's private messages in JSON plaintext.
So my goal is to encrypt those messages. But Apple has strict policies about the "encryption review" that certain apps must go through if they employ encryption, to satisfy export requirements. Until September 2016 you even had to register your use of encryption with the U.S. government. But as of 2017 this has changed. The government no longer even lets you file for the paperwork that Apple asks you to provide if you want to use encryption. Apparently, however, the App Store submission form is out of date and, not having caught up with these changes, still requires you to submit proof that the U.S. government knows about your use of encryption.
Furthermore I've seen rumors on message boards that "encryption review" can add as much as 45 days to your app review process. Oh no! I promised the client I'd publish the app in a couple weeks.
I'm therefore not sure if the trouble is worth it, and am wondering if I should just wait until the next update to provide 128-bit end-to-end encryption.
I'm also just wondering if there is a "lite" level of encryption that will softly scramble the chat messages without bothering Apple. Is there some sweet spot at which Apple does not consider your encryption to be serious enough to review?
For example (this is hypothetical only) if I literally just submitted an app that used the "shift everything 4 letters up" cipher associated with Julius Caesar, would it be more likely to get a pass and to speed through review? What if I just kept the keys short for now, or scrambled the text using a simple password from the keychain?
Anyone have any helpful experiences navigating this maze? Much appreciated.
Best answer: Would your requirement be met by just storing the messages base64 encoded? That's perfectly standard, is in no way "encryption", and stops you from just seeing plaintext messages when you look at stuff in the DB admin console.
posted by russm at 9:21 PM on January 19, 2017
This thread is closed to new comments.
Ok there is something underlying that needs to be worked out and a possible solution.
First of all, is there any reason it's not being deployed using the Apple Enterprise Developer Program, whose sole purpose for existing is deploying custom apps inside an organization? Deploying the app using that program would solve it.
If you're pressing on anyway to the generic app store, use TestFlight to get it into the hands of your clients ASAP so that they have access to the app while the rigmarole gets worked out and the approval process worked through.
posted by Talez at 8:44 AM on January 19, 2017