What's the best way to store data that one iOS app sends to another?

[Mark Wilcox]

Hi all,

Third attempt at my original first post to the list after writing far too much - I'll do shorter versions and split it in two.

I'm new to LiveCode but went for the lifetime commercial license in the Kickstarter campaign so I'm planning to get a lot more active after I finish my current project in a few months.

I'll leave LiveCode specific issues to the experts until I get up to speed but I do have plenty of experience with both mobile platforms and open source, so I'll try to add some value there...

On Mon, 8 Apr 2013 05:14:51 -0500 Geoff Canyon wrote:

> I didn't know encryption was an issue for the App Store. I'm working on pretty non-sensitive stuff, so some variant of what you're doing should work.


> Thanks!

> Sent from my iPad

On Apr 7, 2013, at 8:10 AM, John Craig <john at splash21.com> wrote:

> I don't rely on SSL - to avoid any potential hassles with Apple's app store - "Does your application use encryption?".


There's a lot of confusion about this online and plenty of outdated or plain wrong info posted to sites like StackOverflow, which you're likely to find first if you search.

SSL is absolutely fine to use in app store apps, particularly for authentication but in most cases for everything else you do on the network too. The questions on app submission are related to the very stupid export control laws that many countries have on strong encryption technology. The laws vary from country to country but mostly only apply if you export source code and sometimes binaries that implement strong encryption. Having had a quick look at the LiveCode source I think you're OK here for iOS and Mac at least - LiveCode does ship with OpenSSL for some platforms but I didn't see any Xcode projects - it'd be good if someone could confirm the built-in SSL libs are being used for HTTPS on Apple platforms? If I remember correctly, the app store submission question asks if your app "contains" encryption, which it won't if you're only using the platform implementation.

In the USA there are/were extra stupid export laws relating to any app that uses encryption - these got changed to only cover apps whose primary purpose is encryption (e.g. encrypted communication or storage). There are automatic exemptions for almost all consumer and business apps that simply use standard encryption tech. Look up "Note 4" to "Category 5 part 2" export control regulations if you want to verify for yourself.  If you do find out/decide that your specific app does need you to register for exporting encryption tech then it's a relatively painless thing to do and in most cases can be completed online.

Finally from a completely practical standpoint, I've been involved with several iOS apps for large brands with cautious legal departments who have happily just said no to the first app submission question on encryption and they all used SSL for their server comms. Apple does not very actively police this area, they're just making sure they do their bit with regard to ensuring developers comply with the law. The laws exist (and you have to decide whether there's any reason for you to worry about them) and apply to all platforms equally - even websites where the SSL implementation is already in the browser rather than device at either end.

Mark