Disclaimer: I am not a lawyer. This is not legal advice. I am not a encryption expert. If you are in doubt, do your own due diligence. I’m confident that “I read it on the internet and they said it was OK” will not be a good defence if the NSA kicks down your door and hauls you away for cyber crimes. I am trying to keep this up to date, but this stuff changes often so it’s worth double checking. If you notice anything wrong or out of date, please let me know. Thanks!
Update January 2023: According to this document on the BIS website, the reporting requirements for mass market items have been changed. My current understanding is that if your app uses any encryption that is included with iOS, or https, then you no longer need to send a report.
Yesterday, after uploading an app for beta testing, I received this message in iTunesConnect for the first time:
If you are making use of ATS or making a call to HTTPS please note that you are required to submit a year-end self classification report to the US government.
Continue Reading →
Managing App IDs and provisioning profiles has come on a lot from when I first started iOS development almost three years ago. Xcode now does a fair amount of the heavy lifting for you, creating App IDs and development provisioning profiles automatically as and when they’re needed. This is great, removing some of the administrative burden and getting new projects running on devices as quickly as possible.
It has become so easy, in fact, that I thought I could just start submitting apps to the App store for testing based on simply setting the
Team setting in the
General tab of the target in Xcode. There was nothing really telling me that I couldn’t do this—this process will work just fine until you want some advanced entitlements (like iCloud), at which point trying to upload it to iTunes will result in
no matching provisioning profiles found for application errors.
When I looked carefully at the error, I noticed that it was trying to use the wildcard provisioning profile which isn’t allowed when it comes to certain entitlements.
After much deleting of the automatically generated App IDs and provisioning profiles, I realised that you still needed to manually create a distribution profile with your distribution certificate even though the
Code Signing Entities in the
Build Settings tab now always just say
iOS Developer now and the
Provisioning Profile says
automatic. There are few clues that multiple provisioning profiles were even necessary any more.
Anyway, it’s my fault for making the assumption that differentiated provisioning profiles were a thing of the past—I thought I had reached the point of never needing to reach for the Certificates, Identifiers & Profiles section of the Developer Portal again—but maybe this will help someone else come to the realisation sooner that, when it comes to distribution profiles, you always need to make sure you have one set up and you have to do this manually.