* [pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist
@ 2025-09-25 12:32 Shan Shaji
2025-09-26 9:21 ` Dominik Csapak
0 siblings, 1 reply; 3+ messages in thread
From: Shan Shaji @ 2025-09-25 12:32 UTC (permalink / raw)
To: pve-devel
Every time when a new build is uploaded to appstoreconnect, the export
compliance [0] status needs to be manually selected. Since there are no
proprietary encryptions used in the app in-order to avoid manually
filling the export compliance add `ITSAppUsesNonExemptEncryption` [1]
to `Info.plist`.
- [0] https://developer.apple.com/help/app-store-connect/manage-app-information/overview-of-export-compliance
- [1] https://developer.apple.com/documentation/security/complying-with-encryption-export-regulations
References:
- https://medium.com/@thibault.jamet/navigating-export-compliance-a-flutter-developers-journey-to-the-app-store-ce7a5328f37d
- https://developer.apple.com/help/app-store-connect/reference/export-compliance-documentation-for-encryption
- https://www.reddit.com/r/FlutterDev/comments/1elm705/comment/lgyk31y/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
---
changes since v1:
- Fixed broken link inside commit message.
ios/Runner/Info.plist | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ios/Runner/Info.plist b/ios/Runner/Info.plist
index 9949e0f..a5587ed 100644
--- a/ios/Runner/Info.plist
+++ b/ios/Runner/Info.plist
@@ -22,6 +22,8 @@
<string>????</string>
<key>CFBundleVersion</key>
<string>$(FLUTTER_BUILD_NUMBER)</string>
+ <key>ITSAppUsesNonExemptEncryption</key>
+ <false/>
<key>LSRequiresIPhoneOS</key>
<true/>
<key>NSFaceIDUsageDescription</key>
--
2.50.1
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist
2025-09-25 12:32 [pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist Shan Shaji
@ 2025-09-26 9:21 ` Dominik Csapak
2025-09-26 9:51 ` Thomas Lamprecht
0 siblings, 1 reply; 3+ messages in thread
From: Dominik Csapak @ 2025-09-26 9:21 UTC (permalink / raw)
To: Proxmox VE development discussion, Shan Shaji; +Cc: Thomas Lamprecht
I'm not a lawyer, but are you sure we are compliant with this?
the https client will use encryption, so it's not like we don't use
encryption at all. (Especially with the cupertino_http package)
I guess this is exempt, but having some reference for that (aside
some medium/reddit post) would be nice.
At least some kind of rationale in the commit would be good.
(IMHO 'we don't use proprietary encryption' is not a good reason
when also 'standard encryption' falls under the export regulation...)
@Thomas, what do you think?
On 9/25/25 2:32 PM, Shan Shaji wrote:
> Every time when a new build is uploaded to appstoreconnect, the export
> compliance [0] status needs to be manually selected. Since there are no
> proprietary encryptions used in the app in-order to avoid manually
> filling the export compliance add `ITSAppUsesNonExemptEncryption` [1]
> to `Info.plist`.
>
> - [0] https://developer.apple.com/help/app-store-connect/manage-app-information/overview-of-export-compliance
> - [1] https://developer.apple.com/documentation/security/complying-with-encryption-export-regulations
>
> References:
> - https://medium.com/@thibault.jamet/navigating-export-compliance-a-flutter-developers-journey-to-the-app-store-ce7a5328f37d
> - https://developer.apple.com/help/app-store-connect/reference/export-compliance-documentation-for-encryption
> - https://www.reddit.com/r/FlutterDev/comments/1elm705/comment/lgyk31y/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
>
> Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
> ---
> changes since v1:
> - Fixed broken link inside commit message.
>
> ios/Runner/Info.plist | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/ios/Runner/Info.plist b/ios/Runner/Info.plist
> index 9949e0f..a5587ed 100644
> --- a/ios/Runner/Info.plist
> +++ b/ios/Runner/Info.plist
> @@ -22,6 +22,8 @@
> <string>????</string>
> <key>CFBundleVersion</key>
> <string>$(FLUTTER_BUILD_NUMBER)</string>
> + <key>ITSAppUsesNonExemptEncryption</key>
> + <false/>
> <key>LSRequiresIPhoneOS</key>
> <true/>
> <key>NSFaceIDUsageDescription</key>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist
2025-09-26 9:21 ` Dominik Csapak
@ 2025-09-26 9:51 ` Thomas Lamprecht
0 siblings, 0 replies; 3+ messages in thread
From: Thomas Lamprecht @ 2025-09-26 9:51 UTC (permalink / raw)
To: Dominik Csapak, Proxmox VE development discussion, Shan Shaji
Am 26.09.25 um 11:21 schrieb Dominik Csapak:
> I'm not a lawyer, but are you sure we are compliant with this?
>
> the https client will use encryption, so it's not like we don't use
> encryption at all. (Especially with the cupertino_http package)
We use it, but we do not implement it, which is the key point
here.
> I guess this is exempt, but having some reference for that (aside
> some medium/reddit post) would be nice.
>
> At least some kind of rationale in the commit would be good.
> (IMHO 'we don't use proprietary encryption' is not a good reason
> when also 'standard encryption' falls under the export regulation...)
>
> @Thomas, what do you think?
We basically only need to check if any of the used dependencies
implements the (lower level) encryption that HTTPS builds upon
themselves, compared to using the platform libraries for that.
And doing so would be good in any case, which would be an actual
blocker for us anyway, i.e. independent of legal compliance with
app stores, as that needs to be thoroughly vetted then, and even
if we could to that (which I don't think we got the capacity to
thoroughly do for this, especially considering the ROI here),
would still need other to feel somewhat confident.
I quickly checked cupertino_http [0], and from what I saw it uses
only iOS platform native interfaces for TLS and the like, if that
holds true (please check closer), we would be indeed compliant and
can indeed signal this through setting ITSAppUsesNonExemptEncryption
flag to false.
[0]: https://github.com/dart-lang/http/tree/master/pkgs/cupertino_http/lib/src
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-09-26 9:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-09-25 12:32 [pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist Shan Shaji
2025-09-26 9:21 ` Dominik Csapak
2025-09-26 9:51 ` Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.