아이폰 앱스토어 리뷰 등록시 암호화 모듈이 있다면?

미국 정부 사이트에서 ERN이나 CCATS를 진행해야 합니다.

이게 참 험난한 시작입니다. 한글로 되어 있는 처리방법이 없습니다. 저도 아직 완료된 상태는 아니지만 공유해보도록 하겠습니다.

Q. 아이폰 앱스토어에 등록하고 싶어요.. 근데 암호화 사용했어요.... 어떻게 해야 해요

A. 면책 조건이 있긴 한데 보통 여기에 속하지가 않습니다. 은행거래를 통핸 정보를 보기 위해 암호를 풀거나... 그러지 않으면... 즉 암호화를 하면 면책조건에 해당되지 않습니다.

SNAP-R이나 CCATS를 진행해야 합니다.

Q.미국수출협약을 한국 사람이 앱 만들어 한국사람에게 팔겠다는데 왜 미국 정부 허락을 맡아야해요?

A.앱스토어 서버가 미국에 있어서 그래요

Q.만약 그런내용을 안적고 앱에 올리면요?

A.해당 내용을 잘 보시면 걸리면 통보없이 바로 삭제입니다.

App Store Review Guidelines.

Section 2.3 of the iOS Developer Program License Agreement specifies,

"You certify that (i) none of the Licensed Applications contains, uses or supports any data encryption or cryptographic functions; or (ii) in the event that any Licensed Application contains, uses or supports any such data encryption or cryptographic functionality, You will, upon request, provide Apple with a PDF copy of Your Encryption Registration Number (ERN), or export classification ruling (CCATS) issued by the United States Commerce Department, Bureau of Industry and Security and PDF copies of appropriate authorizations from other countries that mandate import authorizations for that Licensed Application, as required."

Please review your app's encryption ability, and when resubmitting your binary, check the appropriate answers to the questions in the Export Compliance section of iTunes Connect. You may be asked some follow-on questions to determine the level of encryption in your app; you may also be asked to provide a copy of your CCATS.

If you have questions related to export compliance and your app's use of encryption, please contact the App Store Export Compliance team at appstore.ec@apple.com.

그럼

대략적인 진행방법입니다.

1. https://snapr.bis.doc.gov/snapr/ 에 등록하기

2. 메일주소 확인 메일을 확인하고 링크 클릭

3. snap-r cin 넘버가 메일로 옵니다. 이게 오면 암호 등록을 할수 있습니다.

4. snap-r에 로그인 합니다.

5. work item을 생성합니다.

6. Encryption Registration Supp. No. 5 to Part 742 문서를 작성합니다.

7, work item 작성을 완료하고 submit 합니다.

8. 승인완료 메세지를 받고 해당 문서를 pdf로 저장합니다.

9. 앱스토어 화면에서 등록을합니다.

현재 8까지 진행했으나 9번에서 ERN문서 등록이 되지 않아 문의를 한 상태입니다.

완료되는 데로 포스팅을 추가하겠습니다.

참고 : Encryption Registration Supp. No. 5 to Part 742

Supplement No. 5 to Part 742—Encryption Registration

Certain classification requests and self-classification reports for encryption items must be supported by an encryption registration, i.e., the information as described in this Supplement, submitted as a support documentation attachment to an application in accordance with the procedures described in §§740.17(b), 740.17(d), 742.15(b), 748.1, 748.3 and Supplement No. 2 to part 748 of the EAR.

(1) Point of Contact Information

(a) Contact Person

(b) Telephone Number

(c) Fax Number

(d) E-mail address

(e) Mailing Address

(2) Company Overview (approximately 100 words).

(3) Identify which of the following categories apply to your company's technology/families of products:

(a) Wireless

(i) 3G cellular

(ii) 4G cellular/WiMax/LTE

(iii) Short-range wireless/WLAN

(iv) Satellite

(v) Radios

(vi) Mobile communications, n.e.s.

(b) Mobile applications

(c) Computing platforms

(d) Multimedia over IP

(e) Trusted computing

(f) Network infrastructure

(g) Link layer encryption

(h) Smartcards or other identity management

(i) Computer or network forensics

(j) Software

(i) Operating systems

(ii) Applications

(k) Toolkits/ASICs/components

(l) Information security including secure storage

(m) Gaming

(n) Cryptanalytic tools

(o) “Open cryptographic interface” (or other support for user-supplied or non-standard cryptography)

(p) Other (identify any not listed above)

(q) Not Applicable (Not a producer of encryption or information technology items)

(4) Describe whether the products incorporate or use proprietary, unpublished or non-standard cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body. (If unsure, please explain.)

(5) Will your company be exporting “encryption source code”?

(6) Do the products incorporate encryption components produced or furnished by non-U.S. sources or vendors? (If unsure, please explain.)

(7) With respect to your company's encryption products, are any of them manufactured outside the United States? If yes, provide manufacturing locations. (Insert “not applicable”, if you are not the principal producer of encryption products.)

작성 예

Supplement No. 5 to Part 742 — Encryption Registration

Certain classification requests and self-classification reports for encryption items must be supported by an encryption registration, i.e., information as described in this Supplement, submitted as a support documentation attachment to an application in accordance with the procedures described in §§740.17 (b), 740.17 (d), 742.15 (b), 748.1, 748.3 and Supplement No. 2 to part 748 of the EAR.

(1) Point of Contact Information

(Contact Person

drawhan

(b) Telephone Number

+82-2-999-99-99

© Fax Number

+82-2-999-99-88

(d) E-mail address

drawhan@daum.net

(e) Mailing Address

samsung dong seoul korea

(2) Company Overview (approximately 100 words).

we make app. good compnay. 

(3) Identify which of the following categories apply to your company's technology/families of products:

(Wireless

(i) 3G cellular

(ii) 4G cellular/WiMax/LTE

(iii) Short-range wireless/WLAN

(iv) Satellite

(v) Radios

(vi) Mobile communications, n.e.s.

(b) Mobile applications

© Computing platforms

(d) Multimedia over IP

(e) Trusted computing

(f) Network infrastructure

(g) Link layer encryption

(h) Smartcards or other identity management

(i) Computer or network forensics

(j) Software

Yes: We only create software.

(i) Operating systems

(ii) Applications

(k) Toolkits/ASICs/components

(l) Information security including secure storage

(m) Gaming

(n) Cryptanalytic tools

(o) “Open cryptographic interface” (or other support for user-supplied or non-standard cryptography)

(p) Other (identify any not listed above)

(q) Not Applicable (Not a producer of encryption or information technology items)

(4) Describe whether the products incorporate or use proprietary, unpublished or non-standard cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body. (If unsure, please explain.)

use open source 

(5) Will your company be exporting “encryption source code”?

No.

(6) Do the products incorporate encryption components produced or furnished by non-U.S. sources or vendors? (If unsure, please explain.)

No.

(7) With respect to your company's encryption products, are any of them manufactured outside the United States? If yes, provide manufacturing locations. (Insert “not applicable”, if you are not the principal producer of encryption products.)

No.