Using SSL in an iPhone App - Export Compliance
Update as of 20th September 2016
ERN's are no longer required, so it seems many apps will no longer need to register with the US government. (Though you may still need to file a bi-annual Self-Classification Report Supp. No. 8 to Part 742 report.) http://www.bis.doc.gov/InformationSecurity2016-updates
(Thanks to @EugenioDeHoyos and @user3562927 for pointing this out!)
This third-party website may assist you in preparing your report: Self-Classification Report Generator (Another user added a link to it, I have not tried it myself.)
French Government registration is still required to sell in France.
The iTunes Connect FAQs have been updated to cover this change and are the most readable reference I've found.
Old Answer
The process has changed, as of Summer 2010, and you (probably) need an ERN now, not a CCATS as was necessary at the time John wrote his answer.
See Apple iTunes export restrictions on apps. The iTunes connect faq also contains a lot of useful information on export compliance.
There are also now restrictions that apply to distributing apps with encryption on the French app store - see the itunes connect FAQ and the French Export Compliance thread on the devforums.
Does my application contain encryption?
UPDATE: Using HTTPS is now exempt from the ERN as of late September, 2016
https://stackoverflow.com/a/40919650/4976373
Unfortunately, I believe that your app "contains encryption" in terms of US BIS even if you just use HTTPS (if your app is not an exception included in question 2).
Quote from FAQ on iTunes Connect:
"How do I know if I can follow the Exporter Registration and Reporting (ERN) process?
If your app uses, accesses, implements or incorporates industry standard encryption algorithms for purposes other than those listed as exemptions under question 2, you need to submit for an ERN authorization. Examples of standard encryption are: AES, SSL, https. This authorization requires that you submit an annual report to two U.S. Government agencies with information about your app every January.
"
"2nd Question: Does your product qualify for any exemptions provided under category 5 part 2?
There are several exemptions available in US export regulations under Category 5 Part 2 (Information Security & Encryption regulations) for applications and software that use, access, implement or incorporate encryption.
All liabilities associated with misinterpretation of the export regulations or claiming exemption inaccurately are borne by owners and developers of the apps.
You can answer “YES” to the question if you meet any of the following criteria:
(i) if you determine that your app is not classified under Category 5, Part 2 of the EAR based on the guidance provided by BIS at encryption question. The Statement of Understanding for medical equipment in Supplement No. 3 to Part 774 of the EAR can be accessed at Electronic Code of Federal Regulations site. Please visit the Question #15 in the FAQ section of the encryption page for sample items BIS has listed that can claim Note 4 exemptions.
(ii) your app uses, accesses, implements or incorporates encryption for authentication only
(iii) your app uses, accesses, implements or incorporates encryption with key lengths not exceeding 56 bits symmetric, 512 bits asymmetric and/or 112 bit elliptic curve
(iv) your app is a mass market product with key lengths not exceeding 64 bits symmetric, or if no symmetric algorithms, not exceeding 768 bits asymmetric and/or 128 bits elliptic curve.
Please review Note 3 in Category 5 Part 2 to understand the criteria for mass market definition.
(v) your app is specially designed and limited for banking use or ‘money transactions.’ The term ‘money transactions’ includes the collection and settlement of fares or credit functions.
(vi) the source code of your app is “publicly available”, your app distributed at free of cost to general public, and you have met the notification requirements provided under 740.13.(e).
Please visit encryption web page in case you need further help in determining if your app qualifies for any exemptions.
If you believe that your app qualifies for an exemption, please answer “YES” to the question."
UIWebView, SSL and export compliance
As long as you are not using any third party security API (SSL, encryption, ...) you do not need other extra compliance than the Apple's approval to submit the application on Appstore.
The Apple's security API is not the best I have seen (quite not documented and painful to work with if you ask me) but you don't really need anything from it if what you are trying to do is a simple SSL connection.
If the server you are trying to connect to uses a certificate from a valid CA (not a self-signed certificate) than implementing username/password authentication is as simple as implementing one delegate method in which you would provide user's input.
-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
NSString *username = [binding.authenticationProperties objectForKey:kClientUsername];
NSString *password = [binding.authenticationProperties objectForKey:kClientPassword];
newCredential=[NSURLCredential credentialWithUser:username
password:password
persistence:NSURLCredentialPersistenceForSession];
[[challenge sender] useCredential:newCredential forAuthenticationChallenge:challenge];
}
Self-signed certificates and two-way SSL might be tricker on the other hand, but I guess this is not what you are asking for :)
I hope this answers your question.
regards
Appstore - Export compliance as an individual?
Just use the same name under which yours apps appear in the app store.
You have probably seen this.. but this guy is an individual developer who went through the process.
http://tigelane.blogspot.com/2011/01/apple-itunes-export-restrictions-on.html
Related Topics
How to See Saved Nsuserdefaults
A Complete Solution to Locally Validate an In-App Receipts and Bundle Receipts on iOS 7
How to Crop a Uiimageview to a New Uiimage in 'Aspect Fill' Mode
Command Failed Due to Signal: Segmentation Fault: 11
Resize Uiimage With Aspect Ratio
How to Launch Safari and Open Url from iOS App
How to Make an Http Request + Basic Auth in Swift
How to Use Writetofile to Save Image in Document Directory
Layout Issues After Updating to Xcode 8
Swift Convert Unix Time to Date and Time
How to Wrap Text in a Uitableviewcell Without a Custom Cell
Remove or Uninstall Library Previously Added: Cocoapods
What Are Sprite Kit'S "Category Mask" and "Collision Mask"
Detect iOS App Entering Background
How to Add Objects to a Uiscrollview That Extend Beyond Uiview from Storyboard
Displaying a Stock iOS Notification Banner When Your App Is Open and in the Foreground