App Export Compliance using the Dropbox API?
If your app uses SSL (HTTPS), then yes it does include encryption. The export compliance rules changed last year though, so you will need an Encryption Registration Number instead of a CCATS number. See this blog post for details.
This seems to be the deciding factor as to whether or not the form is needed. – craig Feb 1 at 2:10 As far as I know, the DropBox API uses 256-bit SSL (I may be wrong, but in that case it would still be a minimum of 128 bits). – Johnny Grass Feb 1 at 3:09 Yea, I heard back from the Dropbox folks as well.
ERN is definitely required. What a pain! – craig Feb 7 at 23:25 Getting an ERN shouldn't take more than 2 weeks though, although having to report every year is a little annoying.
– Johnny Grass Feb 8 at 20:33 Yea, I actually obtained my ERN today. Going to submit an update to Apple soon! – craig Feb 9 at 2:01.
As it happens I'm working on this right now on a related project. The Apple position is clarified in the FAQ in iTunesConnect; (my bold) If your App contains, uses or accesses standard cryptography for purposes other than those listed in questions 2-4, you need to submit for an ERN authorization. Examples of standard encryption are: AES, SSL, https.
This authorization requires that you submit an annual report to two U.S. Government agencies with information about your App every January. It's a pain in the neck, but that is the law if you want to be fully compliant. I'd love to hear that I'm wrong though!PS.
You could always ask for a direct opinion from the Government department concerned here; bis.doc.gov/forms/rpdform.html.
This question (or variations of this question) has been asked before, but as Apple's export compliance rules change relatively frequently, and no one seems to ever get a straight answer, I thought I would ask. I write an iPhone application that uses version 0.2 of the Dropbox API. I have emailed Apple concerning use of this specific API, and I will be sure to update this question as I learn more and hear back from Apple.
In the meantime, if any developer is using the Dropbox API in their iPhone application, did you mark your application as using encryption? Edit: Upon closer inspection, it looks like the file data is also transferred using SSL. Since their API is using the NSMutableURLRequest class over HTTPS though, I still can't determine whether or not this API "uses encryption."
If in the App Store submission page I mark that it does include encryption, Apple then asks if I'm using greater than a 64-bit symmetric encryption key.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.
Related Questions
Using Dropbox Java API for uploading files to dropbox?
Uploading binary files using dropbox java api?
Why does the No. of incidences of non-compliance indicate 1 when in some cases the Type of non-compliance describes more than one incident?
If health care providers are in compliance with Joint Commission standards, won't that cover HIPAA compliance?
There was a compliance presentation at the recent divisional meeting where I attended and signed in to indicate my participation. Do I still need to attend an Annual Compliance Meeting?
Can a 997 be used to report semantic compliance errors? Do the IGs specify whether or not a 997 can/cannot be used to report semantic compliance errors?