
Encryption Export Regulations. Why should mobile developers care?


Julia Potapenko

June 10, 2021

Transcript

  1. Encryption Export Regulations Julia Potapenko Why should mobile developers care?

  2. Security Software Engineer @julepka We help companies to protect their sensitive and valuable data.
  3. … disclaimer: I am not a lawyer, and this is not legal advice …
  4. App Distribution

  5. App Distribution App App Store or Google Play Upload

  6. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers
  7. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute
  8. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute = Export
  9. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute = Export US Export Regulations.
  10. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute = Export US Encryption Export Regulations.
  11. App Distribution App App Store or Google Play Upload 🇺🇸

    US Servers 🌍 Distribute = Export US Encryption Export Regulations. Import
  12. Do I have encryption in my app?

  13. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9
    Use of encryption includes, but is not limited to:
    • Making calls over secure channels (i.e. HTTPS, SSL, and so on).
    • Using standard encryption algorithms.
    • Using crypto functionality from other sources such as native libraries.
    • Using proprietary or non-standard encryption algorithms.
  14. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9
    Use of encryption includes, but is not limited to:
    • Making calls over secure channels (i.e. HTTPS, SSL, and so on).
    • Using standard encryption algorithms.
    • Using crypto functionality from other sources such as native libraries.
    • Using proprietary or non-standard encryption algorithms.
    Less headache
  15. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9
    Use of encryption includes, but is not limited to:
    • Making calls over secure channels (i.e. HTTPS, SSL, and so on).
    • Using standard encryption algorithms.
    • Using crypto functionality from other sources such as native libraries.
    • Using proprietary or non-standard encryption algorithms.
    More headache
    Less headache
  16. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9
    Use of encryption includes, but is not limited to:
    • Making calls over secure channels (i.e. HTTPS, SSL, and so on).
    • Using standard encryption algorithms.
    • Using crypto functionality from other sources such as native libraries.
    • Using proprietary or non-standard encryption algorithms.
    More headache
    Less headache
    File and send a required report
  17. Do I have encryption in my app? https://help.apple.com/app-store-connect/#/dev88f5c7bf9
    Use of encryption includes, but is not limited to:
    • Making calls over secure channels (i.e. HTTPS, SSL, and so on).
    • Using standard encryption algorithms.
    • Using crypto functionality from other sources such as native libraries.
    • Using proprietary or non-standard encryption algorithms.
    More headache
    Less headache
    File and send a required report
    You’ll need legal help
  18. Annual self-classification report
    How? – Send the report as an attachment to BIS and ENC emails
    What? – A specific CSV-formatted file
    Where? – See the official website for correct emails
    When? – No later than Feb 1 of the following year
    https://www.bis.doc.gov/index.php/policy-guidance/encryption/4-reports-and-reviews/a-annual-self-classification
  19. Report Example
    PRODUCT NAME: Awesome App!
    MODEL NUMBER: 1.10.2
    MANUFACTURER: SELF / Tom Smith Inc.
    ECCN: 5D992.c
    AUTHORIZATION TYPE: MMKT
    ITEM TYPE: Mobility and mobile applications n.e.s.
    SUBMITTER NAME: Tom Smith
    TELEPHONE NUMBER: (222) 123-4567
    E-MAIL ADDRESS: tom.smith@email.com
    MAILING ADDRESS: 123 Smith St. Washington DC 22032
    NON-U.S. COMPONENTS: N/A
    NON-U.S. MANUFACTURING LOCATIONS: N/A
    https://www.bis.doc.gov/index.php/component/docman/?task=doc_download&gid=1675
  20. Report Example
    PRODUCT NAME: Awesome App!
    MODEL NUMBER: 1.10.2
    MANUFACTURER: SELF / Tom Smith Inc.
    ECCN: 5D992.c
    AUTHORIZATION TYPE: MMKT
    ITEM TYPE: Mobility and mobile applications n.e.s.
    SUBMITTER NAME: Tom Smith
    TELEPHONE NUMBER: (222) 123-4567
    E-MAIL ADDRESS: tom.smith@email.com
    MAILING ADDRESS: 123 Smith St. Washington DC 22032
    NON-U.S. COMPONENTS: N/A
    NON-U.S. MANUFACTURING LOCATIONS: N/A
    https://www.bis.doc.gov/index.php/component/docman/?task=doc_download&gid=1675
    Commonly used values
    Update with your info
  21. Apple Guide
    Informs you when you submit a build.
    Explains export regulations in simple language across multiple pages.
    Requires extra review if you have custom encryption.
  22. Apple Guide
    Informs you when you submit a build.
    Explains export regulations in simple language across multiple pages.
    Requires extra review if you have custom encryption.
    Google Guide
    Single page of “it depends” information.
  23. Useful links
    BIS official guide: https://www.bis.doc.gov/index.php/policy-guidance/encryption/4-reports-and-reviews/a-annual-self-classification
    BIS official example: https://www.bis.doc.gov/index.php/component/docman/?task=doc_download&gid=1675
    eCFR official instructions: https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=4150cfbf028e9a85574385383a581f47&h=L&mc=true&n=pt15.2.742&r=PART&ty=HTML#ap15.2.742_119.6
  24. Useful links
    Our experience: https://docs.cossacklabs.com/themis/regulations/us-crypto-regulations/
    Apple guide: https://help.apple.com/app-store-connect/#/dev88f5c7bf9
    Google guide: https://support.google.com/googleplay/android-developer/answer/113770?hl=en
    Wikipedia: https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States
  25. Thank you! @julepka Photo by Lukas Blazek https://unsplash.com/@goumbik