From f9d1ceaf07f5e47c17099604a25eef32a0219b2c Mon Sep 17 00:00:00 2001 From: julepka Date: Fri, 26 Mar 2021 21:45:27 +0200 Subject: [PATCH 1/4] add info about crypto regulations --- Document/0x04g-Testing-Cryptography.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Document/0x04g-Testing-Cryptography.md b/Document/0x04g-Testing-Cryptography.md index 4e3e93682d..cb2f625445 100644 --- a/Document/0x04g-Testing-Cryptography.md +++ b/Document/0x04g-Testing-Cryptography.md @@ -199,3 +199,15 @@ In larger organizations, or when high-risk applications are created, it can ofte - MSTG-CRYPTO-2: "The app uses proven implementations of cryptographic primitives." - MSTG-CRYPTO-3: "The app uses cryptographic primitives that are appropriate for the particular use-case, configured with parameters that adhere to industry best practices." - MSTG-CRYPTO-4: "The app does not use cryptographic protocols or algorithms that are widely considered deprecated for security purposes." + +## Cryptography Regulations + +When you upload the app to the App Store or Google Play, your application is typically stored on a US server. If your app contains cryptography and is distributed to any other country, it is considered a cryptography export. It means that you need to follow US export regulations for cryptography. Also, some countries have import regulations for cryptography. + +### References + +- [Complying with Encryption Export Regulations (Apple)](https://developer.apple.com/documentation/security/complying_with_encryption_export_regulations "Complying with Encryption Export Regulations") +- [Export compliance overview (Apple)](https://help.apple.com/app-store-connect/#/dev88f5c7bf9 "Export compliance overview") +- [Export compliance (Google)](https://support.google.com/googleplay/android-developer/answer/113770?hl=en "Export compliance") +- [Encryption and Export Administration Regulations (USA)](https://www.bis.doc.gov/index.php/policy-guidance/encryption "Encryption and Export Administration Regulations") +- [Encryption Control (France)](https://www.ssi.gouv.fr/en/regulation/cryptology/ "Encryption Control") From 7fec466418964e9121376b3cefe555db8428b407 Mon Sep 17 00:00:00 2001 From: julepka Date: Fri, 26 Mar 2021 22:04:47 +0200 Subject: [PATCH 2/4] removed trailing space --- Document/0x04g-Testing-Cryptography.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Document/0x04g-Testing-Cryptography.md b/Document/0x04g-Testing-Cryptography.md index cb2f625445..73c4015b00 100644 --- a/Document/0x04g-Testing-Cryptography.md +++ b/Document/0x04g-Testing-Cryptography.md @@ -206,7 +206,7 @@ When you upload the app to the App Store or Google Play, your application is typ ### References -- [Complying with Encryption Export Regulations (Apple)](https://developer.apple.com/documentation/security/complying_with_encryption_export_regulations "Complying with Encryption Export Regulations") +- [Complying with Encryption Export Regulations (Apple)](https://developer.apple.com/documentation/security/complying_with_encryption_export_regulations "Complying with Encryption Export Regulations") - [Export compliance overview (Apple)](https://help.apple.com/app-store-connect/#/dev88f5c7bf9 "Export compliance overview") - [Export compliance (Google)](https://support.google.com/googleplay/android-developer/answer/113770?hl=en "Export compliance") - [Encryption and Export Administration Regulations (USA)](https://www.bis.doc.gov/index.php/policy-guidance/encryption "Encryption and Export Administration Regulations") From 8faf540f09d69d07b63822048150bd79af01822b Mon Sep 17 00:00:00 2001 From: julepka Date: Tue, 30 Mar 2021 11:56:31 +0300 Subject: [PATCH 3/4] add reference to MSTG-ARCH-12 --- Document/0x04g-Testing-Cryptography.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Document/0x04g-Testing-Cryptography.md b/Document/0x04g-Testing-Cryptography.md index 73c4015b00..d5c461ac36 100644 --- a/Document/0x04g-Testing-Cryptography.md +++ b/Document/0x04g-Testing-Cryptography.md @@ -206,6 +206,7 @@ When you upload the app to the App Store or Google Play, your application is typ ### References +- MSTG-ARCH-12: "The app should comply with privacy laws and regulations." - [Complying with Encryption Export Regulations (Apple)](https://developer.apple.com/documentation/security/complying_with_encryption_export_regulations "Complying with Encryption Export Regulations") - [Export compliance overview (Apple)](https://help.apple.com/app-store-connect/#/dev88f5c7bf9 "Export compliance overview") - [Export compliance (Google)](https://support.google.com/googleplay/android-developer/answer/113770?hl=en "Export compliance") From 55e3f299907801ffac8d58751d31c2c26c71966c Mon Sep 17 00:00:00 2001 From: Carlos Holguera Date: Thu, 30 Jun 2022 09:43:44 +0200 Subject: [PATCH 4/4] Update Document/0x04g-Testing-Cryptography.md Co-authored-by: Jeroen Beckers --- Document/0x04g-Testing-Cryptography.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Document/0x04g-Testing-Cryptography.md b/Document/0x04g-Testing-Cryptography.md index d5c461ac36..65f0104775 100644 --- a/Document/0x04g-Testing-Cryptography.md +++ b/Document/0x04g-Testing-Cryptography.md @@ -212,3 +212,4 @@ When you upload the app to the App Store or Google Play, your application is typ - [Export compliance (Google)](https://support.google.com/googleplay/android-developer/answer/113770?hl=en "Export compliance") - [Encryption and Export Administration Regulations (USA)](https://www.bis.doc.gov/index.php/policy-guidance/encryption "Encryption and Export Administration Regulations") - [Encryption Control (France)](https://www.ssi.gouv.fr/en/regulation/cryptology/ "Encryption Control") +- [World map of encryption laws and policies](https://www.gp-digital.org/WORLD-MAP-OF-ENCRYPTION/)