Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Encryption Export Regulations. Why should mobile developers care?

Julia Mezher
June 10, 2021
Programming
0
170

Encryption Export Regulations. Why should mobile developers care?

Julia Mezher

June 10, 2021
Tweet

More Decks by Julia Mezher

See All by Julia Mezher
Crypto wallets security: for developers
julep
0
2.9k
React Native Security
julep
0
360
Why can't developers make it secure?
julep
0
2.5k
The Art of Secure Architecture
julep
0
900
Common iOS Vulnerabilities and How to Fix Them
julep
1
1.8k
React Native Security
julep
0
280
Secure Authentication. Are you sure you do it right?
julep
1
670
Making Authentication More Secure
julep
0
380
Touch ID and Face ID. Is It Secure?
julep
1
440

Other Decks in Programming

See All in Programming
Site Reliability Engineering for GMO
pyama86
7
1k
VS Code をプロダクトにどう取り込むか
onomax
1
350
見た目から始める生産性向上
ikumatadokoro
7
810
ゆるい個人開発のススメ
kuroppe1819
10
980
[技育CAMPアカデミア]アイディアを形に!【超入門】スマホアプリ開発〜リリースまでの流れをご紹介
teamlab
PRO
0
360
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
190
今、知っておきたい! 生成AIエージェントの世界
elith
3
350
Fragment Composition of GraphQL
quramy
3
390
Changed Rules: Architectures with Lightweight Stores
manfredsteyer
PRO
0
240
単体テストを書かない技術 #phpcon_odawara
o0h
PRO
26
8.2k
ONE WEDGE_company_guide
1wedge_one
0
460
Designing for tomorrow's programming workflows
honnibal
PRO
2
120

Featured

See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
116
18k
Facilitating Awesome Meetings
lara
42
5.6k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
Building Adaptive Systems
keathley
31
1.9k
Debugging Ruby Performance
tmm1
70
11k
The Invisible Customer
myddelton
114
12k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
The Invisible Side of Design
smashingmag
294
49k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
2
1.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
Producing Creativity
orderedlist
PRO
337
39k
Teambox: Starting and Learning
jrom
128
8.4k

Transcript

  1. Encryption Export Regulations Julia Potapenko Why should mobile developers care?

  2. Security Software Engineer @julepka We help companies to protect their

    sensitive and valuable data.

  3. … disclaimer: I am not a lawyer, and this is

    not legal advice …

  4. App Distribution

  5. App Distribution App App Store or Google Play Upload

  6. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers

  7. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute

  8. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute = Export

  9. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute = Export US Export Regulations.

  10. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute = Export US Encryption Export Regulations.

  11. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute = Export US Encryption Export Regulations. Import

  12. Do I have encryption in my app?

  13. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9 Use of

    encryption includes, but not limited to: • Making calls over secure channels (i.e. HTTPS, SSL, and so on). • Using standard encryption algorithms. • Using crypto functionality from other sources such as native libraries. • Using proprietary or non-standard encryption algorithms.

  14. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9 Use of

    encryption includes, but not limited to: • Making calls over secure channels (i.e. HTTPS, SSL, and so on). • Using standard encryption algorithms. • Using crypto functionality from other sources such as native libraries. • Using proprietary or non-standard encryption algorithms. Less headache

  15. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9 Use of

    encryption includes, but not limited to: • Making calls over secure channels (i.e. HTTPS, SSL, and so on). • Using standard encryption algorithms. • Using crypto functionality from other sources such as native libraries. • Using proprietary or non-standard encryption algorithms. More headache Less headache

  16. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9 Use of

    encryption includes, but not limited to: • Making calls over secure channels (i.e. HTTPS, SSL, and so on). • Using standard encryption algorithms. • Using crypto functionality from other sources such as native libraries. • Using proprietary or non-standard encryption algorithms. More headache Less headache File and send a required report

  17. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9 Use of

    encryption includes, but not limited to: • Making calls over secure channels (i.e. HTTPS, SSL, and so on). • Using standard encryption algorithms. • Using crypto functionality from other sources such as native libraries. • Using proprietary or non-standard encryption algorithms. More headache Less headache File and send a required report You’ll need legal help

  18. Annual self-classification report How? – Send the report as an

    attachment to BIS and ENC emails What? – A specific CSV-formatted file Where? – See the official website for correct emails When? – No later than Feb 1 of the following year https://www.bis.doc.gov/index.php/policy-guidance/encryption/4-reports-and-reviews/a-annual-self-classification

  19. Report Example PRODUCT NAME: Awesome App! MODEL NUMBER: 1.10.2 MANUFACTURER:

    SELF / Tom Smith Inc. ECCN: 5D992.c AUTHORIZATION TYPE: MMKT ITEM TYPE: Mobility and mobile applications n.e.s. SUBMITTER NAME: Tom Smith TELEPHONE NUMBER: (222) 123-4567 E-MAIL ADDRESS: [email protected] MAILING ADDRESS: 123 Smith St. Washington DC 22032 NON-U.S. COMPONENTS: N/A NON-U.S. MANUFACTURING LOCATIONS: N/A https://www.bis.doc.gov/index.php/component/docman/?task=doc_download&gid=1675

  20. Report Example PRODUCT NAME: Awesome App! MODEL NUMBER: 1.10.2 MANUFACTURER:

    SELF / Tom Smith Inc. ECCN: 5D992.c AUTHORIZATION TYPE: MMKT ITEM TYPE: Mobility and mobile applications n.e.s. SUBMITTER NAME: Tom Smith TELEPHONE NUMBER: (222) 123-4567 E-MAIL ADDRESS: [email protected] MAILING ADDRESS: 123 Smith St. Washington DC 22032 NON-U.S. COMPONENTS: N/A NON-U.S. MANUFACTURING LOCATIONS: N/A https://www.bis.doc.gov/index.php/component/docman/?task=doc_download&gid=1675 Commonly used values Update with your info

  21. Apple Guide Informs you when you submit a build. Explains

    export regulations in a simple language in multiple pages. Requires extra review if you have custom encryption.

  22. Apple Guide Google Guide Informs you when you submit a

    build. Explains export regulations in a simple language in multiple pages. Requires extra review if you have custom encryption. Single page of “it depends” information.

  23. Useful links BIS official guide: https://www.bis.doc.gov/index.php/policy-guidance/ encryption/4-reports-and-reviews/a-annual-self-classification BIS official example:

    https://www.bis.doc.gov/index.php/component/docman/? task=doc_download&gid=1675 ECFP official instructions: https://www.ecfr.gov/cgi-bin/retrieveECFR? gp=1&SID=4150cfbf028e9a85574385383a581f47&h=L&mc=true&n=pt15.2.742&r=PART &ty=HTML#ap15.2.742_119.6

  24. Useful links Our experience: https://docs.cossacklabs.com/themis/regulations/us-crypto- regulations/ Apple guide: https://help.apple.com/app-store-connect/#/dev88f5c7bf9 Google

    guide: https://support.google.com/googleplay/android-developer/ answer/113770?hl=en Wikipedia: https://en.wikipedia.org/wiki/ Export_of_cryptography_from_the_United_States

  25. Thank you! @julepka Photo by Lukas Blazek https://unsplash.com/@goumbik