Search Unity

US Export Compliance / encryption

Discussion in 'Unity Analytics' started by coshea, Mar 1, 2016.

  1. coshea

    coshea

    Joined:
    Dec 20, 2012
    Posts:
    256
    “U.S. export laws require that products containing encryption be properly authorised for export”

    https://developer.apple.com/library...sConnect_Guide/Chapters/SubmittingTheApp.html

    Does Unity Analytics use encryption, and therefore developers should be ticking yes to this setting in iTunes Connect?

    Seems like quite a headache…

    https://carouselapps.com/2015/12/09/mac-ios-applications-breaking-rules-removed/

    https://carouselapps.com/2015/12/15/legally-submit-app-apples-app-store-uses-encryption-obtain-ern/

    Many thanks
     
  2. mpinol

    mpinol

    Unity Technologies

    Joined:
    Jul 29, 2015
    Posts:
    318
    Hi @coshea,

    Unity Analytics does not use encryption so you do not need to worry about this setting!
     
    coshea likes this.
  3. Izzzo

    Izzzo

    Joined:
    Jun 12, 2015
    Posts:
    5
    As far as I could see on Android, the Unity Analytics data is sent (at least now) using TLS, probably using the encryption algorithm of the OS (means Android). So as far as I know the U.S. export restriction would apply here as encryption is used somehow, but the changes in the export regulations of late September 2016 (see https://www.bis.doc.gov/index.php/informationsecurity2016-updates) make it a little difficult again to understand, if an encryption registration is still needed or not ...
     
  4. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,340
    @Izzzo,

    With regards to our Analytics and IAP services, we use HTTPS encryption. We also provide an additional feature with Unity IAP called “Receipt Validation,” which you can choose to implement in order to prevent fraudulent purchases. Receipt Validation uses RSA Certificates for Apple and Google’s RSA key encryption for Google.

    While we can’t provide legal advice on whether this violates any of Apple’s Terms and Services, we can provide you with this link to additional information provided by the U.S. Department of Commerce regarding encryption classification.
    http://www.bis.doc.gov/index.php/policy-guidance/encryption/identifying-encryption-items#Three

    If you remain concerned, we encourage you to consult with your legal counsel.
     
  5. Izzzo

    Izzzo

    Joined:
    Jun 12, 2015
    Posts:
    5
    @ap-unity: Thank you for the clarification and the link. It did help me to understand the changes in the regulations.

    If anyone needs even more details of encryption export regulations, I can recommend to do the following (Disclaimer: I am not a lawyer, so this is not a legal advice):
     
    ap-unity likes this.