如果你使用苹果提供的安全框架或CommonCrypto库，你的应用程序中包含了加密，你必须回答“是”——仅仅因为库是由苹果提供的，并不能让你摆脱困境。

关于最初的问题，最近在苹果开发论坛上的帖子让我相信，即使你只使用SSL，你也需要回答“是”。

我发现这个来自美国工业和安全局的常见问题解答非常有用。

加密

问题15(什么是注释4?)是重点:

...

被注释4排除在第2部分第5类中的项目包括但不限于以下项目:

消费者应用程序。一些例子:

piracy and theft prevention for software or music; music, movies, tunes/music, digital photos – players, recorders and organizers games/gaming – devices, runtime software, HDMI and other component interfaces, development tools LCD TV, Blu-ray / DVD, video on demand (VoD), cinema, digital video recorders (DVRs) / personal video recorders (PVRs) – devices, on-line media guides, commercial content integrity and protection, HDMI and other component interfaces (not videoconferencing); printers, copiers, scanners, digital cameras, Internet cameras – including parts and sub-assemblies household utilities and appliances

I asked Apple the very same question and got the answer (from a Sr. Export Compliance Specialist), that "sending information over https is forcing the data to go through a secure channel from SSL, therefore it falls under the U.S. Government requirement for a CCATS review and approval." Note that it doesn't matter that Apple has already done this for their SSL implementation, but for the government, if you USE encryption that is the same (to them) as you would've coded it yourself. I also updated our blog (http://blog.theanimail.com) since Tim linked to it with updates and details on the process. Hope that helps.

如果你使用苹果提供的安全框架或CommonCrypto库，你的应用程序中包含了加密，你必须回答“是”——仅仅因为库是由苹果提供的，并不能让你摆脱困境。

关于最初的问题，最近在苹果开发论坛上的帖子让我相信，即使你只使用SSL，你也需要回答“是”。

只是补充一下我对一个非常特殊的案例的个人解释: 在我的应用程序中，用户可以选择自己去一个网站，或者让我的应用程序打开Safari, Safari将调用一个HTTPS网站。可以是任何-自己的网站，文章等。我解释Safari进行实际的HTTPS调用，而不是我的应用程序，因此用No回答第一个问题(或在info.plist中设置标志)，并且不要求每年报告。

看起来HTTPS很重要

连结“了解更多”: https://www.bis.doc.gov/index.php/policy-guidance/encryption/4-reports-and-reviews/a-annual-self-classification