Might be a basic question, but I wanted to confirm with someone who knows if the encryption libraries in
expo-secure-store are “open source encryption source code available for free online.”
I ask because I don’t have a traditional computer science background and don’t instantly know. I can’t see it from any
package.json files either.
I’m almost able to submit my Expo app to App and Play Store, and I’m running into compliance with US export law on products with encryption, the Encryption and Export Administration Regulations (EAR). It’s a little scary when App Store Connect Help tells I am responsible for interpreting the labyrinthine laws right, and I will be fully responsible for any liability coming from reporting my app’s use of encryption wrongly.
My guess is that
expo-secure-store falls under 2. on this guidance page from the US Dept of Commerce:
"Publicly available" encryption source code is not subject to the EAR once the email notification per section 742.15(b) is sent.
•A common example would be open source encryption source code available for free online.