A quick followup to an earlier post: Apparently, you do need to go through the whole CCATS process to ship an iPhone app that makes HTTPS connections – even if the app uses no other encryption.
Although I’m only basing this on one guy’s report of his discussion with an AAPL “Sr. Export Compliance Specialist”, that report sounds pretty definitive. If you’re shipping an app with HTTPS (though you should check this for yourself) it sounds like you’ve got some bureaucracy in your future. Better start planning for it now.
Pingback: Things that were not immediately obvious to me » Blog Archive » OAuth and Export Controls