[pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Sep 29 15:09:30 CEST 2025
Am 29.09.25 um 14:51 schrieb Shan Shaji:
> Hi @Thomas and @Dominik, I have done some more research on this through
> the BIS documentation [0] on License Exception ENC and Category 5, Part 2 [1].
>
> AFAIU,
>
> - Since we are using TLS/SSL encryption we are under 5A002/5D002.
> Our app comes under mass market [2] so it further classfies it under
> 5A992/5D992. After March 29, 2021 mass market software doesn't need to
> provide a self classification report [3]. Also since we are using the
> platform APIs provided by iOS which are already exported by Apple
> for SSL/TLS and not implementing any encryptions by ourselves
> i believe we don't need to do anything from our side.
>
> - For the crypto package that we are using doesn't likely fall under 5A002/5D002 as
> it's not used for confidentiality rather we are using it for data integrity.
> So i believe it should likely fall under ECCN 5D992 (Mass Market).
> Also the source code of the package is publicly available and SHA-256
> is a standared algorithm.
>
> - For `biometric_storage`, the package internaly uses the platform APIs
> that are available in iOS [4]. Since it's using the already exported iOS
> interfaces i believe we should be fine there as well.
>
> - [0] https://www.bis.doc.gov/index.php/encryption-and-export-administration-regulations-ear
> - [1] https://www.bis.doc.gov/index.php/documents/new-encryption/1652-cat-5-part-2-quick-reference-guide/file
> - [2] https://www.bis.doc.gov/index.php/policy-guidance/encryption/3-license-exception-enc-and-mass-market/a-mass-market (Paragraph a)
> - [3] https://www.bis.doc.gov/index.php/documents/pdfs/2759-table-of-changes-to-enc-in-wa2019-rule-final-version/file (Table Reference)
> - [4] https://github.com/authpass/biometric_storage/blob/main/macos/Classes/BiometricStorageImpl.swift
>
> So IMHO, i think it's safe to update the ` ITSAppUsesNonExemptEncryption` key
> to false. WDYT?
That seems to be a safe conclusion with enough due diligence to back it up.
More information about the pve-devel
mailing list