Skip to content

[Config] App Uses Non-Exempt Encryption : No

Apollo Zhu requested to merge apollozhu/kdeconnect-ios:encryption into master

Per discussions in https://phabricator.kde.org/T15317, the app qualifies for exemption "(c) Limited to authentication, digital signature, or the decryption of data or files" provided in Category 5, Part 2 of the U.S. Export Administration Regulations. Thus, we add ITSAppUsesNonExemptEncryption

Update, May 7th 2022:

Justification of exemption decision from the KDE Connect iOS developers:

KDE Connect iOS uses encryption for the sole purpose of securing traffic between KDE Connect clients over the network and its related authentication. Therefore, it is reasonable to describe KDE Connect's usage of TLS encryption as a "message carrier" that carries the sole purpose of securing data during transfer, where it's not localized on the device on which the clients are installed onto.

To establish this secure transfer link, KDE Connect also uses encryption and digital signature to authenticate devices upon connection and pairing. This ensures that only devices that are authorized and trusted can be used to establish any secure connections for data transfer.

Since KDE Connect's use of encryption lies solely for the purposes stated above, we (the KDE Connect developers) believe that all of the usage cases fall under the term "limited to authentication, digital signature, or the decryption of data or files" as defined by category (c) of the encryption. Therefore, we (the KDE Connect developers) believe that KDE Connect iOS is exempt from the App Store encryption compliance policies, with no additional actions required to release KDE Connect iOS on the App Store.

Selecting the exempt option (as described above) in the App Store Connect portal effectively ends the encryption compliance process with the verdict that the app is not required to submit any further information regarding its use of encryption for the US regulations or French regulations. If our decision that KDE Connect iOS's qualification under exemption (c) is valid, no further actions would be needed in terms of encryption compliance to release the app on the App Store.

Edited by Lucas Wang

Merge request reports