Encryption in an iPhone app; export compliance [duplicate] - iphone

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Using SSL in an iPhone App - Export Compliance
I am going to upload an iPhone app to the app store which uses a REST web service. I am using ASIHTTPRequest for making a connection to the server and getting data. The following are the things to note:
URL starts with "https"
[request setValidatesSecureCertificate:NO] (When set to yes, I am only getting SSL error messages.)
Should I say my app supports encryption while submitting to the app store?

I'm not sure from the description whether you are setting up an SSL tunnel successfully or just transferring a certificate for site authentication.
In either case, you should probably call the Department of Commerce / Bureau of Industry and Security help desk at 202-482-0707 and get some guidance about what, if any, export restrictions would apply.
There is also a web site at http://www.bis.doc.gov/encryption

You only need to explicitly say your app "supports encryption" if your app uses some other form of encryption than what Apple provides in public APIs.
Using NSURLRequest with a https address is a public API, and no extra work needed on your part.
If you compile and bundle OpenSSL into your app yourself… well that is a completely different story and you are into a lot of extra work.

Related

Trust self-signed certificate in ConnectionRequest of codenameone

My mobile app needs to connect to a server with a self-signed certificate only. Is it possible to do this? Because the app is built using codenameone, there are many Java classes missing and thus I can't use the normal Java solution.
The app needs to be run in both iOS and Android.
Thanks for any suggestions.
At this time this isn't supported since Codename One uses the native connection APIs on the various platforms (e.g. NSUrl on iOS) so this can't be implemented there.
In fact Apple recently limited the ability to access non-https URLs so even if this was added it might trigger an issue with Apple's future policies.
Since valid certificates can be purchased for 5USD the motivation in using self signed certificates is much lower than it used to be in the past.

Does my ios app use encryption? [duplicate]

This question already has answers here:
Does my application "contain encryption"?
(14 answers)
Closed 9 years ago.
I'm developing an iPhone app which edits PDF files.
If I allow users to decrypt the PDF file using a password, do I need to check the "This app contains or incorporates cryptography" checkbox when submitting the app to the app store? The app does not output any encrypted files, simply accepts a password from the user if the file is already encrypted.
Also, one of the ways a user can get a pdf into the app is by supplying a URL. Since this URL may be over a https connection, does this make the app "incorporate cryptography" even if I am just downloading a user requested file into the app and no more?
And if so, is there a way I can disable https connections and sidestep the issue for now? (I am using NSURLRequest to download the file)
The question is answered in the following well voted thread. In short, yes if you are using any cypher to decrypt or if you are using https. It is to comply with the US Export regulations.

Creating an iOS application which is distributed to limited selected audience

I just started creating a custom client application for iOS, which I have already developed for PC and Android clients. The idea of these apps is to use an SQLite database file, which is created in the PC admin app and is actualized by Internet. Development of this application is paid for by one company and should be distributed to a selected group of people.
What I want to ask is how to distribute this iOS application to a certain audience of people (who have the right to use it)? Should I put it on the app store as a free app without the database file, which should be downloaded to the iPhone from a secret site?
The best way to do it is via the iOS Developer Enterprise Program.
As for the data, you could link it to a web API if the data is growing or changing regularly. But for static data, you could distribute it by including it in the application itself. See CoreData and other tools for more information.
You can also release it for free on App Store and provide a custom login. However, this is not recommended as this application is useless for the rest of the world. The only reason you would want to do this is if your custom clients can register on your website or some place else and you want to allow them to access the app. This is generally done for subscription based applications. But I presume yours is not such a case.
There is also Ad Hoc distribution, but with that you are limited to 100 devices.
You can read more about distribution.
Note: this may not be the best way, but here is my solution for it.
I established a server and set user credentials on the server beforehand. I share the credentials with the client and he/she logs in with them. Later they can edit their credentials. My app is on the store for anybody, but someone who doesn't have those credentials can't log in.
What you're trying to do is this:
https://developer.apple.com/programs/ios/enterprise/
An ad-hoc distribution is your solution.
https://developer.apple.com/programs/ios/distribute.html
If you're planning to distribute the app to more than 100 people, go for their Enterprise program:
https://developer.apple.com/programs/ios/enterprise/

iPhone AppStore encryption export for openssl usage - How? [duplicate]

This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
Using SSL in an iPhone App - Export Compliance
I am in Germany, and I am using OpenSSL for encryption on my iPhone App.
What is the best way to get the app in the app store? Should I get a TSU-Notification, SNAP-R, or something else?
Please see this question:
Using SSL in an iPhone App - Export Compliance
JosephH's answer to that question is probably quite relevant: it appears that these days Apple is accepting ERNs and you don't need CCATS. (However, Apple's current iTunes connect document still references the need for CCATS.)
This question is also related:
Does my application "contain encryption"?
The best way is to start by reading the Bureau of Industry and Security web site at http://www.bis.doc.gov/encryption and then call the help desk at 202-482-0707 if you have questions about your specific application.
TSU only applies if your app is "publicly available" and the fact that you're using OpenSSL does not mean your app is authorized for export as well.

How can we get the details of a SSL enabled webpage with Objective C for an iPhone App?

I have two requirements as follows.
I have a requirement in my iPhone App that the SSL certificate details of the https enabled webpage should be read and stored into my app. This could be done in background process or at the time of loading the webpage in UIWebView controller. Is it possible? If so, can you please provide the Objective-C code to get the details.
Is it possible to verify the Extended Validation (EV) certificate of a https enabled webpage? If so, please provide the Objective-C code for this.
Many thanks in advance.
Mahesh
Sadly, the answer to 1 is that you cannot do it. There is no way to provision a SSL certificate to any keychain access list (other than the Apple one) other than including it in the bundle. See my related question:
Finding a certificate on iOS