Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 4 years ago.
When submitting an app to the iOS App Store, one is required to declare whether the app "contains encryption" (and, as I understand, go through additional administrative hurdles).
Does anyone know of any guidance on what precisely is covered by the term "encryption" in this context?
Are they referring to:
- specifically cryptographically secure encryption schemes (AES, RSA etc);
- OR, any scheme or method that might in everyday parlance be referred to as 'encryption', or a variant of a standard scheme that is cryptographically weak?
Specifically, I was intending to use some weak scheme to protect some of the app's assets against a casual hacker, e.g. by XORing the data from the file with a string of bytes generated from a (non-cryptographic) random number generator. If you like, it would be a "one time pad", but where the key isn't actually cryptographically random: just random enough so that somebody looking to steal the data would need to go to a small amount of effort beyond 'just copying the data out of the file'.
So, for the purposes of the declaration, would this count as using "encryption" even though it's not actually a cryptographically secure form of encryption? What I'm doing is common enough practice that I'm guessing other developers have submitted apps using such a procedure: did you have to declare the app as using encryption?
(The iTunes Connect Guide, for example, doesn't give any further specification on this matter.)
