Need to apply for CCATS if using simple XOR cipher?

iTunesConnect states that developers need to get a CCATS Classification if using encryption in the app. My app uses a simple XOR obfuscation cipher when transferring 开发者_开发百科data over HTTP. Does this still fall under that requirement? If not, then what type of encryption need to be CCATS classified?

---

I am not qualified to offer legal advice.

Your probably need to consult with a lawyer to get a answer, as this is a legal matter.

I read the regulations here. My opinion is that if it is a publically available symetric algorithm, which XOR is, as long as the key length is 64-bit or less, then you don't need a license. So, if your key length is 64-bits or less, you do not fall under that requirement.

Again this is just my opinion, but from reading Title 15.B.VII.C.742.15, encryption that needs to be CCATS classified is:

• symetric encryption that uses key lengths longer than 64-bits
• proprietary (non-public) encryption with key lengths longer than 56-bits
• asymetric key exchange algorithms with key lengths greater than 512-bits
• elliptic curve algotihms with key lengths greater than 112-bits