Search Unity

  1. Good news ✨ We have more Unite Now videos available for you to watch on-demand! Come check them out and ask our experts any questions!
    Dismiss Notice

US Export Compliance / encryption

Discussion in 'Unity Analytics' started by coshea, Mar 1, 2016.

  1. coshea

    coshea

    Joined:
    Dec 20, 2012
    Posts:
    278
    “U.S. export laws require that products containing encryption be properly authorised for export”

    https://developer.apple.com/library...sConnect_Guide/Chapters/SubmittingTheApp.html

    Does Unity Analytics use encryption, and therefore developers should be ticking yes to this setting in iTunes Connect?

    Seems like quite a headache…

    https://carouselapps.com/2015/12/09/mac-ios-applications-breaking-rules-removed/

    https://carouselapps.com/2015/12/15/legally-submit-app-apples-app-store-uses-encryption-obtain-ern/

    Many thanks
     
  2. mpinol

    mpinol

    Unity Technologies

    Joined:
    Jul 29, 2015
    Posts:
    319
    Hi @coshea,

    Unity Analytics does not use encryption so you do not need to worry about this setting!
     
    coshea likes this.
  3. Izzzo

    Izzzo

    Joined:
    Jun 12, 2015
    Posts:
    5
    As far as I could see on Android, the Unity Analytics data is sent (at least now) using TLS, probably using the encryption algorithm of the OS (means Android). So as far as I know the U.S. export restriction would apply here as encryption is used somehow, but the changes in the export regulations of late September 2016 (see https://www.bis.doc.gov/index.php/informationsecurity2016-updates) make it a little difficult again to understand, if an encryption registration is still needed or not ...
     
  4. ap-unity

    ap-unity

    Unity Technologies

    Joined:
    Aug 3, 2016
    Posts:
    1,388
    @Izzzo,

    With regards to our Analytics and IAP services, we use HTTPS encryption. We also provide an additional feature with Unity IAP called “Receipt Validation,” which you can choose to implement in order to prevent fraudulent purchases. Receipt Validation uses RSA Certificates for Apple and Google’s RSA key encryption for Google.

    While we can’t provide legal advice on whether this violates any of Apple’s Terms and Services, we can provide you with this link to additional information provided by the U.S. Department of Commerce regarding encryption classification.
    http://www.bis.doc.gov/index.php/policy-guidance/encryption/identifying-encryption-items#Three

    If you remain concerned, we encourage you to consult with your legal counsel.
     
  5. Izzzo

    Izzzo

    Joined:
    Jun 12, 2015
    Posts:
    5
    @ap-unity: Thank you for the clarification and the link. It did help me to understand the changes in the regulations.

    If anyone needs even more details of encryption export regulations, I can recommend to do the following (Disclaimer: I am not a lawyer, so this is not a legal advice):
     
    ap-unity likes this.
  6. KeyBoredStudios

    KeyBoredStudios

    Joined:
    Nov 6, 2018
    Posts:
    1
    Dear future devs,

    I wanted to find the best possible answer for this question and compiled my finds into a video.
    I'll share it here, hopefully it can help you!

    (Remember, I am not a lawyer so I am not responsible for anything you do. This is an educational video to point your research in the right direction!)

     
    yyylny likes this.
  7. DanielJack23

    DanielJack23

    Joined:
    Mar 21, 2015
    Posts:
    2
    Are these information still correct? I was wandering for a page on Unity website in which this info are reported in details and updated constantly and in which is explained how developers that use Unity Ads and Unity Analytics can comply with U.S. export laws.
     
  8. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    7,895
    Still accurate.
     
  9. yuriythebest

    yuriythebest

    Joined:
    Nov 21, 2009
    Posts:
    1,029
    So from what I understand, if it's a unity game with iap/analytics and some ads plugins such as applovin/chartboost, then it should be ok? ( uses encryption, but is exempt since the encryption is not a "feature" the user can actually make use of)
     
  10. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    7,895
    We can't speak for other plugins. I'm not clear on your mention of "feature". Sounds like if there is encryption occurring the user would be using it?
     
  11. yuriythebest

    yuriythebest

    Joined:
    Nov 21, 2009
    Posts:
    1,029
    I meant that if ads plugins encrypt some data they send to/from the server, but the user doesn't actually encrypt anything himself and just plays a game

    so my understanding is that such games would "use encryption" ( at least because of unity analytics) but would be exempt?
     
  12. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    7,895
    Sorry I don't follow and can't make a recommendation. Users never encrypt their own data explicitly. If a plugin uses encryption, then so is the game and therefore so is the user if using your broad definition.
     
  13. yuriythebest

    yuriythebest

    Joined:
    Nov 21, 2009
    Posts:
    1,029
    Hi! sorry for being confusing - I just think it's a pretty common thing for a game app to exist that uses unity iap, unityads, unity analytics, applovin/chartboost, I just want to understand what options to select in itunes in regards to encryption ( if it's exempt, for example)
     
  14. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    7,895
    The question has already been answered, but we can't speak for applovin/chartboost. You will need to contact them.
     
  15. yuriythebest

    yuriythebest

    Joined:
    Nov 21, 2009
    Posts:
    1,029
    ok, so to narrow down the question - if the app just uses unity IAP/analytics/unityads, is the correct answer "yes, uses encryption, but doesn't apply/is exempt"?
     
  16. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    7,895
    I'm not sure where you are reading this. May I ask, are you familiar with HTTPS and SSL? We have answered here https://forum.unity.com/threads/us-export-compliance-encryption.389208/#post-2893835 . You will need to check with Apple if they regard the HTTPS protocol as included in their definition of encrypted, I might doubt it. Otherwise we are not using encryption, except as mentioned in the link.
     
unityunity