Guideline 5.2.x

Guideline 5.2.x - Legal: Missing Export Compliance Declaration

Low RiskEasy0 Reports

Our Take

Your Info.plist is missing the ITSAppUsesNonExemptEncryption key. Without it, every TestFlight and App Store upload triggers a manual export compliance prompt, slowing down your release process.

Resolution Guide

01

**Determine your encryption usage** — If your app only uses standard HTTPS (URLSession, Alamofire, fetch) and no custom encryption, you qualify for the exemption.


02

**Add the key to Info.plist** — Add `ITSAppUsesNonExemptEncryption` with value `NO` (boolean false) to your Info.plist. This tells Apple your app uses only exempt encryption and skips the manual compliance prompt on each upload.


03

**If you use custom encryption** — If your app uses CryptoKit with non-standard algorithms, OpenSSL, libsodium, or custom AES/RSA implementations, set the value to `YES`. You will need to obtain an Encryption Registration Number (ERN) from the US Bureau of Industry and Security and provide it in App Store Connect.


04

**For Expo/React Native** — Add to `app.json` under `expo.ios.infoPlist`: `"ITSAppUsesNonExemptEncryption": false`. For bare RN, add directly to `ios/<AppName>/Info.plist`.


05

**Verify on next upload** — After adding the key, archive and upload. The export compliance prompt should no longer appear.

Prevention:

  • Add this key to Info.plist in every new iOS project
  • Include it in your project template or boilerplate
  • Community Solutions · 0

    Sign in to share your solution.

    More Guideline 5 (Legal) rejections

    View all Guideline 5 rejections