I'm publishing my app to App Store and I have doubts regarding the "Missing Compliance" step.
Here's some info about the app:
I used Expo (Managed workflow). That means I don't have direct access to Xcode.
It's a simple 2D video game, free, with Expo ADMob. You can pay to remove Ads.
It requests a camera and library permission (to take a picture if the player wants). No Notifications, or any other extra thing.
It uses Firebase (Database, Storage, and Analytics) and Sentry. (for HTTPS connections)
I didn't manually include any "encryption" custom thing (that I'm aware of)
I'm publishing the App from Portugal, Europe. I plan to publish it worldwide, if possible.
Does your app use encryption? I didn't code anything related to it... but I assume I should say yes, right?
Does your app qualify for any of the exemptions provided in Category 5, Part 2 of the U.S. Export Administration Regulations?. My app is a simple JS video game, with MobAds. Should I say yes or no?
Does your app implement any encryption algorithms that are proprietary or not accepted as standards by international standard bodies (IEEE, IETF, ITU, etc.)? I did say no... is it right?
Does your app implement any standard encryption algorithms instead of, or in addition to, using or accessing the encryption within Apple’s operating system? If I say no, it shows an extra message about HTTPS. My app does use HTTPS for Firebase (Database, Storage, and Analytics) and Sentry.
Finally, if I say yes, it says: Version 0.1.0 (1) cannot be tested at this time because the build does not have associated export compliance documentation. Where do I find this documentation and how can I get it? I'm from Portugal, Europe.
Thank you!
Question 1:
Reply YES as you use HTTPS encryption for connections
Question 2:
For what you said about your app the reply is NO. In brief you don't use any function inside your app that use a custom cryptography or it's strictly medical app. The encryption that you use it's only for data passing from app to server, nothing inside your app is encrypted (app or a part/module of app is not encrypted).
Question 3:
No you don't use a custom crypt algorithm. That is usually used for bank app data inside the app.
Question 4:
Say NO. The US rules give an exception for apps with only HTTPS calls (that is what you do). Read here for a full explanation:
https://developer.apple.com/forums/thread/98071
https://www.cocoanetics.com/2017/02/itunes-connect-encryption-info/
Just add this key to info.plist file:
<key>ITSAppUsesNonExemptEncryption</key>
<false/>
For expo users, automatically answer this question by adding this to your app.json/app.config.js:
{
"ios": {
"config": {
"usesNonExemptEncryption": false / true
}
}
}
My iOS App ONLY makes HTTPS calls to send data from the app to the server. And I also use bcrypt to encrypt passwords on the back end. Would I need to submit a classification report? This is what I see when I click 'No' when asked to provide export compliance information.
And this is what I see when I click 'Yes' and 'Next'
I am located in Asia, so which options should I check? And would I need to submit a self classification report if my app only makes HTTPS calls to send data to the server and only uses encryption in the back end?
The connection between your app and your server is encrypted when you make HTTPS calls so your app is using encryption.
Your app is subject to Export Administration Regulations when you make your app available to users outside of the U.S. and Canada because this means you are exporting an app using encryption from the App Store servers located in the U.S.
You do need to submit a self classification report between January 1st and February 1st.
I am new to android and I want to implement in-app purchase within my app.
As i am working with xamarin, I have used this plugin
https://github.com/jamesmontemagno/InAppBillingPlugin
I have read documents available from google and I have read docs section of this plugin too.
I want to ask about the licence key google play console gives us. Where to put that key ? In docs section, it is mentioned that it is used to verify purchase. And they have given seperate interface for it.
This key is not used at all while purchasing the product ? Is it optional ?
Please help me to resolve my confusion.
Thank you.
It is an optional feature for paid applications that wish to verify that the current user did in fact pay for the application on Google Play as stated in this document. This is also available for free application to use licensing service to initiate the download of an APK expansion file. In which case, the request that your application sends to the licensing service is not to check whether the user paid for the app, but to request the URL of the expansion files.
Adding license verification with the LVL involves these tasks:
Adding the licensing permission your application's manifest.
Implementing a Policy — you can choose one of the full
implementations provided in the LVL or create your own.
Implementing an Obfuscator, if your Policy will cache any license response data.
Adding code to check the license in your application's main Activity.
Implementing a DeviceLimiter (optional and not recommended for most
applications).
The ONLY encryption my App uses is calls over HTTPS. Currently (7 June 2017) iTunes Connect requires an Export Compliance according to this information in iTunes Connect.
I've entered the iTunesConnect -> My Apps -> Features -> Encryption page, clicked the plus symbol besides "iOS Documentation" and in the Export Compliance form answered YES.
The following two screen shots show more details of the export compliance box as I scroll down.
The last 2 screen shots suggest using HTTPS is an EXEMPT use of encryption and I should therefore in info.plist set ITSAppUsesNonExemptEncryption=false. But this is not clear, and is contradicted in my 1st screen shot that says if you are making a call to HTTPS ... required to submit a year-end classification report to the US government.
So my questions:
is it correct to set ITSAppUsesNonExemptEncryption=false if the only encryption I use is via HTTPS calls?
if I must set ITSAppUsesNonExemptEncryption=true, where do I go to submit a report to the US government and how does this report get passed to Apple? I cannot find any clear information on the process. I don't want to screw this up as the consequences can be major as threatened in the last screen shot.
regardless of how I set ITSAppUsesNonExemptEncryption, according to my 1st screen shot if I use HTTPS I must submit a year-end self classification to the US government. Is that true, and what is the process? (clicking the "learn more" link doesn't help)
I was searching the web for this for some hours. Actually it is pretty easy and you can verify this in itunes connect:
1. All you have to do
If your app uses only HTTPS or uses encryption only for authentication, tokens, etc., there is nothing you have to do, just include
<key>ITSAppUsesNonExemptEncryption</key><false/>
in your Info.plist and you are done.
2. Verification
You can verify this in itunes connect.
select your app
chose features
chose encryption
click "+"
follow the dialog
for https or authentication the answer is yes and yes
3. Year-end self classification report
As is written in the dialog in 2., you still need to submit a year-end self classification report:
If you are making use of ATS or making a call to HTTPS please note
that you are required to submit a year-end self classification report
to the US government. Learn more
You can check How do I submit a Self Classification Report for Encryption Items and this SO question https://stackoverflow.com/a/48462458/276648 .
In any case you should of course read yourself carefully through the dialog.
A very helpful article can be found here:
https://www.cocoanetics.com/2017/02/itunes-connect-encryption-info/
I unfortunately do not have enough rep to comment but at the minute I am looking into the exact same issue and I believe that you are correct when you say that you can set the ITSAppUsesNonExemptEncryption key to false, at least this was the conclusion I came to from my research.
For the self classification report it does look like you have to submit one by February of next year, I found this link helpful in explaining the report and what to do
https://www.bis.doc.gov/index.php/policy-guidance/encryption/reports-and-reviews/annual-self-classification
Like I said this is all from my own investigation like you and I think this is correct but if anyone does have any more information would be greatly appreciated.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
Does iTunes Connect has an API? How do some applications download financial and sale reports to computer? Are there some C/Objective-C API wrappers?
Update 11/02/2018
On November/18, Apple finally released the Appstore Connect REST API. Referencing the Apple description:
TestFlight. Manage beta builds of your app, testers, and groups.
Users and Access. Send invitations for users to join your team. Adjust their level of access or remove users.
Reporting. Download sales and financial reports.
Update 10/03/2018
Good news on this one: on 2018 WWDC, Apple announced the Appstore Connect API - where you'll be able to access almost everything related to your Appstore Connect management. You can see two related talks here and here.
The only curious thing is that its release date was supposed to be late this summer - so it's probably delayed. Nonetheless we should be able to see a release soon.
Update 8/18/2016
Official Reporter tool from Apple
https://help.apple.com/itc/appsreporterguide/#/
iTunes finally released an auto download tool as noted in the PDF
http://www.apple.com/itunesnews/docs/AppStoreReportingInstructions.pdf
Here is the class file
http://www.apple.com/itunesnews/docs/Autoingestion.class.zip
There's no API for iTunes connect, the only way you can access the information is through the web or with a program that scrapes the web pages. If you want to create something in Objective-C, download AppSales from github, it's an iPhone app which downloads financial reports from ITC (or maybe itts). You can download it and install it on your iPhone if you have an Apple developer account. You can look through their code and see how they scrape the daily and weekly reports (hint: it's ugly).
http://github.com/omz/AppSales-Mobile
Note that if you try to create an iPhone app to do this, Apple will reject it. It breaks the rule about "No public API". Other people have tried this and been rejected.
If you're just looking for software to do this on your computer, I'd highly recommend AppViz
http://www.ideaswarm.com/products/appviz/
Here's a nice post which compares these and more apps:
http://www.markj.net/sales-stats-tools-for-iphone-apps/
For everything non-sales related, you might want to check out the unoffical documentation of the iTunes Connect JSON API: https://github.com/fastlane/itc-api-docs
Update: There is now a Ruby implementation of both the iTunes Connect API and the Apple Developer API available: https://github.com/fastlane/fastlane/tree/master/spaceship
Following up on gavi's answer: if you download & decompile the Autoingestion class you can see the API that Apple use for sales downloads.
It consists of a POST to https://reportingitc.apple.com/autoingestion.tft with the form values: USERNAME, PASSWORD, VNDNUMBER, TYPEOFREPORT, DATETYPE, REPORTTYPE, REPORTDATE. Refer to the PDF for details of the parameters
The response will contain the header 'ERRORMSG' if there's an error, and the header 'filename' if there's a body (presumably Apple developers don't know about Content-Disposition or 4xx/5xx status codes). The body of the response contains the file data.
Here is a small project that may be helpful to you in automating the download of piano reports from iTunes Connect. It's a python script to automate the login / download of daily sales files and I use it daily in conjunction with some other scripts to parse that data. Hook it up to a cron job with some error checking (the reports never seem to be generated at the same time) and you'll be good to go.
http://code.google.com/p/appdailysales/
No, no formal API (or if there is one, it's well hidden even from iPhone developer users of iTunes connect). However, the sales & financial reports are downloadable as tab delimited plaintext (gzip compressed), though to make the request you'll have to login (which is cookie based). One could probably wrap this process up with a little bit of screen scraping, and thus get access to the TSV files.
Take a look at http://www.itunesapis.com. This is the missing iTunes and iTunes Connect API.
Shameless plug for my own perl5 module...
http://metacpan.org/pod/WWW::iTunesConnect
Although, given yesterday's announcement of an official Apple app, there might be an API in the works.
The most popular one on GitHub is spaceship
It is a Ruby library. You can NSTask to call ruby code.
after looking everywhere I did not find a PHP version of the reports API so made my own.
You can check it out on https://github.com/Finnb8r/itunes-connect-sales-api-php .
I realize that this is not an Objective-C wrapper but this link comes out on top when generally looking for an API.
To can use the AutoIngestion Tool the vendorId is needed.
To find it, with the last update on iTunes Connect, in the Sales and Trends section, pressing on the top
right menu that shows "Top Content" can access to the Reports entry (direct link).
There you can see the "Vendor" selector, pressing on it you can see the Details of the vendor with the following format:
VendorName - VendorId
Hope it helps.
There's no formal API but several open source and commercial products available that bring some/most/all info together (such as the ones mentioned in previous answers).
Another such solution is www.appfigures.com which combines sales reports, app reviews, and hourly rank updates. Unlike the other apps appfigures can automatically import your reports and email you a nicely formatted report by email every day/week.
There is ITunes Store Search API:
http://www.apple.com/itunes/affiliates/resources/blog/introduction---search-api.html
It is part of Apple affiliate program.
Hope this will help you.