Before submitting an app for review in the Apple App Store, we are asked an unexpected question: does our app use cryptography?
And although the temptation to answer “no” and finally upload the app is very great, and someone quietly whispers that you could have forgotten about https or not known how it works, conscience advises figuring it out. It took me a lot of effort to get an ERN (Encryption Registration approval from BIS), so I decided to write up instructions.
Maybe not?
Even if you answered “yes” to the cryptography question, your application may be on the list of exceptions, in which case an ERN is not required. That is exactly what the next question asks.
You can answer "yes" if the application uses cryptography:
For medical purposes;
To protect intellectual property or copyright;
For authentication, digital signature or to decrypt data;
To manage money;
For data compression, or with encryption algorithms that do not use external encryption parameters (for example, keys) and whose internal parameters the user cannot influence.
You can also answer “yes” if the application meets all the requirements from Note 4 of this document:
The main functionality of the application:
Not relevant to information security;
Not an operating system or part of it;
Not intended for transmission and storage of information (except for mass commercial distribution, organization of entertainment events, copyright protection, management of medical records);
Does not apply to the organization of computer networks.
Cryptography is the main functionality of the application.
If necessary, at the request of the relevant authorities, all necessary information will be provided to confirm the implementation of the first two points.
I spent a long time trying to figure out whether an ERN is needed if the application only uses https. Most colleagues on the English-language Internet agree that it is. Moreover, it is hard to work through all these conditions, and many of them allow different interpretations. It is easier to get an ERN.
Getting it anyway
There were concerns about whether the company's Russian origin would cause problems. But everything went well.
You must register with the Bureau of Industry and Security of the Department of Commerce to get a SNAP-R account. The link leads to an ordinary registration form. After registering you need to confirm your email and wait for your request to be reviewed and activated. In practice this happens quite quickly: an hour and a half later, we received a CIN (Applicant ID) and an activation link, where we were asked to choose a username and password.
We go to the site. We use the login and password chosen in the previous step, and the Applicant ID from the email.
Click Create Work Item.
Select Encryption Registration in the drop-down list and make up a Reference Number. A Reference Number is a string of three letters and four digits. We were lucky: the abbreviation of Tik-Tok Coach consists of three letters. Therefore, in the screenshot the Reference Number is TTC0001.
Here we see another ordinary form that needs to be filled out. We are interested in the “Documents attached to application” item. You need to fill in Supplement No. 5 to Part 742 — Encryption Registration and attach it in pdf format. You can copy the text from the link provided, fill in the necessary information in Office Word and save it as a pdf document.
An example of a completed form. The parts you need to fill out are highlighted.
Supplement No. 5 to Part 742 — Encryption Registration
If you’re registering for a computer, it’s not necessary to do so. ), 740.17 (d), 742.15 (b), 748.1, 748.3 and Supplement No. 2 to part 748 of the EAR.
(2) Company Overview (approximately 100 words). We are the best company. We develop HelloWorld App. We have a mission to make a better world. And so on.
(3) Identify your products / families of products:
(j) Software Yes: We only create software.
(i) Operating systems
(ii) Applications
(k) Toolkits / ASICs / components
(l) Information security including secure storage
(m) Gaming
(n) Cryptanalytic tools
(o) “Open cryptographic interface” (or other support for user supplied or non-standard cryptography)
(p) Other (identify any not listed above)
(q) Not Applicable (not a producer of encryption or information technology items)
(4) Describe whether it is approved or approved by the standards body. (If unsure, please explain.) Our product does not use any proprietary, unpublished or non-standard cryptographic functionality. We only use standards-based Secure Sockets Layer (SSL) encryption and system encryption mechanisms that are available in Windows, Mac, Ubuntu operating systems.
(5) Will your company be exporting “encryption source code”? No.
(6) What do you think about the products? (If unsure, please explain.) No.
(7) United States? If yes, provide manufacturing locations. (Insert “not applicable”, if you are a provider of encryption products.) No.
[75 FR 36497, June 25, 2010]
Soon after submitting the form on the site, a message arrives with the ERN.
But the App Store requires you to upload a pdf document. Therefore, take a screenshot of the message and paste it into a pdf.
Done! Now you can submit the application for review.
Comment
Judging by reviews on the Internet, the conditions for obtaining an ERN sometimes change. Therefore, I ask you not to rely only on my free translation and interpretation of the documents, but also to read the originals right before obtaining an ERN.