Export Regulation for a pure SwiftUI offline app - app-store-connect

Export Regulation for a pure SwiftUI offline app that uses UserDefaults & CoreData
Export Compliance Information
Does your app use encryption? Select Yes even if your app only uses the standard encryption within Apple’s operating system.
Does it still count as using some standard encryption within Apple's OS?
Export Compliance Information
Does your app qualify for any of the exemptions provided in Category 5, Part 2 of the U.S. Export Administration Regulations?
If so, does it qualify for an exemption?

Related

Is AsyncStorage shared across apps?

My question originates from the docs: https://facebook.github.io/react-native/docs/asyncstorage.html#clear
AsyncStorage.clear -> Erases all AsyncStorage for all clients, libraries, etc....
does that mean that all apps share the same AsyncStorage?
AsyncStorage is not shared between multiple apps. Every app runs it it's own sandbox environment and has no access to other apps.
To call AsyncStorage.clear only means you will delete all data which your app has stored in AsyncStorage.
That includes
all data which was stored by a library that uses AsyncStorage like
https://github.com/sunnylqm/react-native-storage
all data from all users (in case of multi user)
For more information about app sandboxing you can read this answer:
What is Sandbox in ios , Can i Trans data between in one App to Another App in iPhone,if possible how

Is React Native's Async Storage secure?

I want to store sensitive data locally in a React Native app.
Is the data only available to the app that wrote it?
AsyncStorage is not suitable for storing sensitive information. You might find this useful: https://github.com/oblador/react-native-keychain
It uses facebook conceal/android keystore to store encrypted data to SharedPreferences (Android) and keychain on iOS. (I co-authored the lib). Be sure to read the entire readme to understand what it offers.
No , it is not secure since it is not encrypted .I would recommend that you use Expo`s secureStore
If you`re building your app from Expo :
// in managed apps:
import { SecureStore } from 'expo';
If you`re building as a bare app
// in bare apps:
import * as SecureStore from 'expo-secure-store';
Read more here : https://docs.expo.io/versions/v32.0.0/sdk/securestore/
No, AsyncStorage is not secure for sensitive data. AsyncStorage simply saves data to documents on the phone's hard drive, and therefore anyone with access to the phone's file system can read that data. Of course, whether or not this is problematic for you depends on what you mean by "senstive data."
At least on iOS, it is true that the data is only available to the app that wrote it, because of Apple's sandboxing policy. This doesn't stop jailbroken iPhones with root access to the file system from getting whatever they want, since AsyncStorage does not encrypt any of its data. But in general, don't save sensitive data to AsyncStorage, for the same reason you shouldn't hard code sensitive data in your javascript code, since it can be easily decompiled and read.
For very sensitive app or user data, you could try something like https://github.com/oblador/react-native-keychain on iOS(uses iOS Keychain) or https://github.com/classapp/react-native-sensitive-info for both Android and iOS(uses Android Shared Preference and iOS Keychain).
Both of them come with very fluent API and straightforward way of linking with react-native link and are a more secure way of preserving data you want to keep away from prying eyes.
I've faced the same problem on a project I was working on, we were using a custom wrapper for AsyncStorage, stored some amount of data and then we tried to retrieve the same data... and it was so easy.
We get over that problem by using Realm with the encryption option and it was a easier, faster and better solution than AsyncStorage.
No it is not secure. Consider using library like https://github.com/oblador/react-native-keychain for secure storage.
If you're using Expo you can use Expo.SecureStore to encrypt and securely store key–value pairs locally on the device. Documentation: https://docs.expo.io/versions/latest/sdk/securestore
I have created a secure storage module for redux-persist that uses react-native-keychain to store an encryption key and uses CryptoJS to encrypt the redux-store at rest in AsyncStorage. You can find the module at:
redux-persist-encrypted-async-storage
Its usage is discussed in the readme at the link.
From react-native doc - https://facebook.github.io/react-native/docs/asyncstorage.html
AsyncStorage is a simple, unencrypted, asynchronous, persistent, key-value storage system that is global to the app.
Its not secure as it stores key-value pairs in unencrypted form on device.
Checkcout - https://www.npmjs.com/package/react-native-secure-key-store.
It used keychain for iOS and KeyStore for Android for storing data securely.
If you are still searching for this one.
try using react-native-encrypted-storage they have some encryption.
react-native-encrypted-storage
its so simple as async storage

How can i know if an app is installed from apple app store or other stores in OSX

Is there any method to know if an app is installed from App store of OSX or installed from some other places?
I want to implement this using object c.
You can check whether the app came from Apple's app store by attempting to validate the receipt. You can read about receipt validation in the Receipt Validation Programming Guide, and searching for something like "mac app store receipt validation" will turn up a number of samples like this one. Apps that are downloaded from sources other than Apple's app store won't have valid receipts.

Windows Store Apps difference between Contracts and Extensions?

Can someone provide me an easy explanation of the difference between Contracts and Extensions in Windows Store Apps?
I have read this article: http://msdn.microsoft.com/en-us/library/windows/apps/hh464906.aspx, however, in some of the examples it isn't clear why one is a Contract and not an Extension and vice-versa.
Thank you.
When you "extend" a native function of Windows 8, like taking pictures or picking files - then your app is an "extension". It is more a category of apps based on their function. Contracts, in contrast, are just leveraging the charms and device capabilities. //End
To summarize:
Many apps will use contracts.
Few (very few?) apps will be extensions.
A contract is an agreement to consume and/or supply data in a specific format, often between apps as is the case with the Share contract. Contracts result in activations and are most often invoked directly from the Charms Bar (Search, Share, Settings, PlayTo) or the Start Menu (Launch).
An extension is an agreement between your app and the operating system. It is a way to extend the OS functionality with your app. AutoPlay for example allows the OS to launch your app when an item of a particular type is selected. Camera Settings will allow you to customize the camera settings provided by the OS when the user is configuring the camera.
So in general I think of contracts as app-app or app-user and extensions as app-OS, but it is obvious some are gray areas (like File Picker, I would consider that more an extension than a contract, but it is categorized as a contract).
A contract is like an interface with the common windows 8 charm bar features such as share & search.
You can make you app available to either provide to, or receive from these contracts.
An extension is where you might say, my app id used as a third part component, or as the link suggests says your app handles files of a particular extension and presents itself as a handler perhaps for that file type

Does apple rejects the application that reads the call history of iphone using FMDB database in iphone sdk?

I am using FMDB database to read the call history of the iphone.I need to know whether apple rejects my application if I go under this process.
Thanks to all,
Monish.
Since this is not only user's private information but also phone internal I guess Apple will reject the app. You are not supposed to access files outside your app sandbox (see point 2.6 of the linked App Store guidelines) except with the classes that Apple has provided (e.g. for accessing the phone book).