问题
Consider an application that transfers xml messages with custom encrypted content through a tcp based protocol. Is there any policy from google play that enforces us to use a specific kind of encryption? Does google play forces us to get encryption export certificates for the encryption used (Twofish)? Should we contact with google play and inform about our application?
回答1:
To publish an app on Google Play you need to agree that you follow U.S export regulations. This means if your app is using encryption and meets some rules you need to get an ERN (encryption registration number).
Depending of what kind of encryption you are using you might not need to apply for an ERN. You do not need an ERN if
Products with key lengths not exceeding 56 bits symmetric, 512 bits asymmetric and/or 112-bit elliptic curve.
Mass market products with key lengths not exceeding 64 bits symmetric, or if no symmetric algorithms, not exceeding 768 bits asymmetric and/or 128 bits elliptic curve.
Products that use encryption for authentication only.
There are also exceptions to these rules. However, since it is rather complicated, you better go to http://www.bis.doc.gov/index.php/policy-guidance/encryption and read the original document.
If you need an ERN you might me able to make a self-classification if your app meets some criteria. If so you can sign up for a SNAP-R account and apply for a ERN.
If you are uncertain about the rules you should contact BIS rather than Google.
来源:https://stackoverflow.com/questions/26034384/google-play-store-messages-encryption-policy