[guardian-dev] Crypto export regulations for apps on Google Play

[str4d]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello,

I have been developing the I2P Android and Bote apps for some time
now, and am aiming to publish them in the Google Play store. But both
apps involve cryptography (I2P at the network transport layer, Bote
for encrypted email), and I know little about crypto export
regulations (US or otherwise). The US export regulations have not been
an issue for us before, because the apps are publicly developed and
hosted outside the US.

I know there are several Guardian Project apps (and others on this ML)
already on Google Play that will have encountered these issues before
(Orbot, ChatSecure, TextSecure).

- - What was your experience with getting published?
- - How did you comply with the crypto export regulations for open
source software (which are still not clear to me, the website Google
linked to is not easy to comprehend)?
- - Are there countries that you cannot publish to, or where you have
had trouble doing so?
- - What advice can you give to developers of new apps using crypto?

str4d
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJURYIcAAoJEIA97kkaNHPn3bYP/3+xaOnBAij17v2CfS/KM02L
+KJs6oB7JsaUYGpqvQchDZ4nVXAOEtdZSmy4geQ8I4+jw/It7tT1zudUFZzizgAW
7X6LywNWtoJHRKExREjKcD7MCJBkweyLv/bSin1aboRXc6Mq/iH94lSxZifEXKyF
Tb+Fd/syc4vBaTbMR23j6DVHCl4Am4lCDa/GLdORqhIgAgoYBJTpjZrX6pnz+yYH
xZTVlu+G3SYmlG1EvyWHlkZZST0gNU6XLnMuNqlySffuCGfcQfg5dxLyuicCmnvf
kZJ53QhVppzQToY/7ypB8oU1gZOyLiGDpek1G1Z6u65VVmHNvAvVApncRstjTbsL
+aiFURXknm/EnRV/GZTZfeiNiGOs2KntNZLJmg9E2SjhvmVUfR/8LTTBypDz+Q8X
y5ZlX95M1u3yjJfri3M8DSsoXhws2nNxD980O7TxvwYqBQJRlNx9bfILNqIP9+gC
1P6H3L6NO8ThzS9OpcHjWSnE9dECjAE8VtD3amKArq+Mb/mJRRvvPD2JoDq2RcqI
DeQPtVDKv+BLFcGa8ivUPFzWnj5IAMmwYR5k/i2Za9nC2oegIsybrhj3WU90K5Wq
DrL1Ia3CAs5Bobja65WYe3CntLtsEhbBSnge/DFgMcQNnHMnPd8kz5I6tCfTAC1M
D3n9mgiIZEWMimxpr5Pc
=+BUH
-----END PGP SIGNATURE-----