I asked Apple the very same question and got the answer (from a Sr. Export Compliance Specialist), that "sending information over https is forcing the data to go through a secure channel from SSL, therefore it falls under the U.S. Government requirement for a CCATS review and approval." Note that it doesn't matter that Apple has already done this for their SSL implementation, but for the government, if you USE encryption that is the same (to them) as you would've coded it yourself. I also updated our blog (http://blog.theanimail.com) since Tim linked to it with updates and details on the process. Hope that helps.

以正确的方式获得应用批准并不难。SSL (HTTPS/TLS)仍然是加密，除非您只是将其用于身份验证，否则您应该获得适当的批准。我刚刚获得了批准，我的应用程序现在已经在商店中使用SSL加密数据流量(而不仅仅是身份验证)。

下面是我写的一篇博客文章，这样其他人就可以用正确的方法来做这件事。

苹果iTunes出口限制

I asked Apple the very same question and got the answer (from a Sr. Export Compliance Specialist), that "sending information over https is forcing the data to go through a secure channel from SSL, therefore it falls under the U.S. Government requirement for a CCATS review and approval." Note that it doesn't matter that Apple has already done this for their SSL implementation, but for the government, if you USE encryption that is the same (to them) as you would've coded it yourself. I also updated our blog (http://blog.theanimail.com) since Tim linked to it with updates and details on the process. Hope that helps.

我发现这个来自美国工业和安全局的常见问题解答非常有用。

加密

问题15(什么是注释4?)是重点:

...

被注释4排除在第2部分第5类中的项目包括但不限于以下项目:

消费者应用程序。一些例子:

piracy and theft prevention for software or music; music, movies, tunes/music, digital photos – players, recorders and organizers games/gaming – devices, runtime software, HDMI and other component interfaces, development tools LCD TV, Blu-ray / DVD, video on demand (VoD), cinema, digital video recorders (DVRs) / personal video recorders (PVRs) – devices, on-line media guides, commercial content integrity and protection, HDMI and other component interfaces (not videoconferencing); printers, copiers, scanners, digital cameras, Internet cameras – including parts and sub-assemblies household utilities and appliances

对于仅仅使用TLS连接自己的web服务器的应用程序开发人员来说，所有这些都非常令人困惑。因为ATS(应用程序传输安全)变得越来越重要，我们被鼓励将所有内容转换为https -我认为更多的开发人员将遇到这个问题。

我的应用程序只是使用https协议在服务器和用户之间交换数据。看到免责声明中“使用加密”的字样有点吓人，所以我给美国政府办公室打了个电话，并与工业和安全局(BIS) http://www.bis.doc.gov/index.php/about-bis/contact-bis的代表进行了交谈。

代表向我询问了我的应用程序，由于它通过了“主要功能测试”，因为它与安全/通信无关，只是使用https作为连接我的客户数据到我们的服务器的通道-它属于EAR99类别，这意味着它不需要获得政府许可(参见https://www.bis.doc.gov/index.php/licensing/commerce-control-list-classification/export-control-classification-number-eccn)

我希望这能帮助到其他应用开发者。

是的，根据iTunes Connect出口合规性信息屏幕，如果您使用内置的iOS或MacOS加密(keychain, https)，则您是在为美国政府出口法规的目的使用加密。你是否有资格获得出口合规性豁免取决于你的应用程序做什么以及它如何使用这种加密。附图显示iTunes Connect出口合规屏幕，以帮助您确定您的出口报告义务。它特别指出:

如果您正在使用ATS或呼叫HTTPS，请注意您需要向美国政府提交一份年终自我分类报告。了解更多