●MAX — Rork Max builds native Swift apps rather than React Native, spanning iPhone, iPad, Apple Watch, Apple TV, Vision Pro, and iMessage●APIS — It reaches native Apple APIs including SwiftUI, ARKit, HealthKit, HomeKit, Core ML, and Metal, so AR/LiDAR scanning and on-device ML are in scope●CLOUD — Rork Max writes Swift, compiles it on cloud-hosted Macs, and streams a live simulator that accepts real touch input●SUBMIT — From there it prepares the build for device install or App Store submission●SEED — Rork raised a $15M seed led by Left Lane Capital in April, joined by Peak XV and a16z Speedrun●PRICE — It's free to start at roughly 5 prompts a week, paid plans begin at $25/month, and Rork Max runs $200/month●MAX — Rork Max builds native Swift apps rather than React Native, spanning iPhone, iPad, Apple Watch, Apple TV, Vision Pro, and iMessage●APIS — It reaches native Apple APIs including SwiftUI, ARKit, HealthKit, HomeKit, Core ML, and Metal, so AR/LiDAR scanning and on-device ML are in scope●CLOUD — Rork Max writes Swift, compiles it on cloud-hosted Macs, and streams a live simulator that accepts real touch input●SUBMIT — From there it prepares the build for device install or App Store submission●SEED — Rork raised a $15M seed led by Left Lane Capital in April, joined by Peak XV and a16z Speedrun●PRICE — It's free to start at roughly 5 prompts a week, paid plans begin at $25/month, and Rork Max runs $200/month
Killing the Export Compliance Prompt in Rork Builds for Good
Every Rork and Rork Max build lands in App Store Connect with a Missing Compliance warning. Here is how to decide whether you qualify for the exemption, and how to set it once in app.json or Info.plist so the question never returns.
Rork Max promises a two-click path to the App Store, and the build itself lives up to it — no code signing, no provisioning profiles, nothing you have to think about. Then you open App Store Connect and there it is next to your fresh build: a yellow Missing Compliance badge.
It means the export compliance declaration for encryption has not been answered. Until it is, that build cannot go to TestFlight and cannot be submitted for review. The worse part is that if you just click through it, you get asked again on the next build, and the one after that. A two-click release turns into a two-click release plus a browser detour, forever.
I run a handful of wallpaper apps on iOS and Android as an indie developer, with AdMob and in-app purchases wired in, and for an embarrassingly long stretch I answered this question by hand every single time. One config line would have ended it.
The question is not "do you use encryption"
The trap is in how the question reads. "Does your app use encryption?" — well, it talks to an API over HTTPS, so surely the answer is yes. That is the answer I gave the first time, and it walked me straight into a screen asking me to upload documentation.
Apple's own Complying with Encryption Export Regulations draws the line somewhere else entirely: encryption built into the operating system — HTTPS through URLSession, for instance — is exempt from the documentation requirement. What is not exempt is proprietary cryptography that you brought in yourself.
So the real question is: did you add crypto that Apple did not already give you? Once that clicks, the decision takes about two minutes.
Three checks that settle it
What your app does
Classification
Declare
HTTPS traffic via URLSession / fetch only
OS-standard crypto (exempt)
false
Keychain / SecureStore storage, Data Protection
Standard APIs (exempt)
false
No encryption at all
Not applicable
false
Your own algorithm, a hand-rolled E2E protocol
Non-exempt
true
A VPN tunnel you implemented, a vault with non-standard crypto
Non-exempt
true
Nearly everything Rork generates — hit an API, render the data, stash a token in SecureStore, drop in an ads or billing SDK — sits in the top three rows. The same holds when Rork Max reaches into HealthKit or Core ML on the native side: those are standard APIs, not crypto you smuggled in.
My working rule: if you did not personally write cryptographic code, the answer is false.
✦
Thank you for reading this far.
Continue Reading
What follows includes implementation code, benchmarks, and practical content we hope you'll find useful. This site runs without ads — server and development costs are supported entirely by members like you. If it's been helpful, we'd be truly grateful for your support.
WHAT YOU'LL LEARN
✦You can retire the Missing Compliance warning that stalls every submission, with a single line of config
✦You can decide for yourself whether your app qualifies for the exemption, using 3 checks: HTTPS, Keychain, and custom crypto
✦You can diagnose the 3 reasons the setting silently fails to apply, and verify the shipped ipa with one command
Secure payment via Stripe · Cancel anytime
✦
Unlock This Article
Get full access to the rest of this article. Buy once, read anytime. This site is ad-free — your support goes directly toward keeping it running.
Rork proper is built on Expo, so this lives in app.json (or app.config.js).
{ "expo": { "name": "My Wallpaper App", "slug": "my-wallpaper-app", "ios": { "bundleIdentifier": "net.example.mywallpaper", "config": { // false = no non-exempt encryption (HTTPS / Keychain only) // This becomes ITSAppUsesNonExemptEncryption in the ipa's Info.plist "usesNonExemptEncryption": false } } }}
Per the Expo config reference, ios.config.usesNonExemptEncryption writes ITSAppUsesNonExemptEncryption into the standalone ipa's Info.plist. Push it through to native and rebuild:
# 1. Regenerate the native project so the key lands in Info.plistnpx expo prebuild --platform ios --clean# 2. Read it back — do not assume it applied/usr/libexec/PlistBuddy -c "Print :ITSAppUsesNonExemptEncryption" \ ios/MyWallpaperApp/Info.plist# expected: false# 3. Build and submiteas build --platform ios --profile productioneas submit --platform ios --latest
Do not skip step 2. "I set it but it didn't take" is where the hours disappear.
Setting it once in Rork Max (native Swift)
Rork Max emits native Swift rather than React Native, so there is no app.json. The key goes straight into Info.plist. If the distinction between the two products is still fuzzy, this breakdown of Rork vs Rork Max covers the split.
<!-- Info.plist --><?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict> <key>CFBundleShortVersionString</key> <string>2.1.0</string> <!-- No non-exempt encryption. The Connect prompt stops appearing. --> <key>ITSAppUsesNonExemptEncryption</key> <false/></dict></plist>
If the Rork Max editor does not expose Info.plist directly, prompting for it works fine: "add ITSAppUsesNonExemptEncryption to Info.plist with a value of false" comes back as a one-key diff. Keeping your prompts that surgical is also how generated code stays something you can maintain by hand later.
This key changes build metadata and nothing else. Your app behaves identically.
When the setting doesn't stick
Three causes cover almost every report.
1. prebuild never ran, or a cached build won
Editing app.json does not touch an already-generated ios/ directory. Run npx expo prebuild --clean, or force a clean build:
eas build --platform ios --profile production --clear-cache
2. ios.config and ios.infoPlist are fighting each other
Expo also exposes ios.infoPlist for injecting arbitrary keys. Both routes write the same key, and conflicting values cancel out. Pick one.
{ "expo": { "ios": { // Do not set both. If you use config, drop it from infoPlist. "config": { "usesNonExemptEncryption": false }, "infoPlist": { "ITSAppUsesNonExemptEncryption": false } } }}
3. You hit the known case where the build tool ignores it
There are open reports of ios.config.usesNonExemptEncryption not being honored during EAS builds, leaving you with an interactive prompt anyway. The reliable defense is to stop trusting the config and inspect the artifact — script below.
If App Store Connect has already locked into asking every time, you can reset the answer under the app's App Information → Export Compliance Documentation. With the key present, the next build will not raise the question at all.
What answering "true" actually signs you up for
Worth knowing purely so you never check it by accident.
If you genuinely ship non-exempt crypto, you either hand documentation to Apple or file an annual self-classification report with the US Bureau of Industry and Security, due each February 1. Depending on the algorithm, a formal CCATS classification or an encryption registration (ERN) may also be required — and App Store Connect's help is explicit that making that call is your responsibility, not Apple's.
Shipping to the French App Store adds a separate French encryption declaration, aimed mainly at secure storage, secure messaging, and anti-virus apps.
For a solo developer, that paperwork earns its keep only when custom E2E encryption is the product. It stacks on top of the $99/year Apple Developer Program, in hours rather than dollars. Design around Keychain and HTTPS and you never enter this room at all — which is the trade I recommend unless you have a specific reason not to.
Verify the artifact, not the config
#!/usr/bin/env bash# check-encryption-key.sh — verify the declaration key before you submitset -euo pipefailIPA_PATH="${1:?usage: ./check-encryption-key.sh <path-to.ipa>}"TMP_DIR="$(mktemp -d)"trap 'rm -rf "$TMP_DIR"' EXITunzip -q "$IPA_PATH" -d "$TMP_DIR"PLIST="$(find "$TMP_DIR/Payload" -maxdepth 2 -name Info.plist | head -1)"if [ -z "$PLIST" ]; then echo "No Info.plist found in: $IPA_PATH" exit 1fi# The plist may be binary — normalize to XML before readingplutil -convert xml1 "$PLIST" -o "$TMP_DIR/out.plist"if grep -q "ITSAppUsesNonExemptEncryption" "$TMP_DIR/out.plist"; then VALUE="$(/usr/libexec/PlistBuddy -c \ 'Print :ITSAppUsesNonExemptEncryption' "$TMP_DIR/out.plist")" echo "OK — ITSAppUsesNonExemptEncryption = ${VALUE}"else echo "MISSING — Connect will ask on every single build" exit 1fi
No Mac in your setup because Rork Max compiles in the cloud? Then let TestFlight finish processing and treat "no warning icon in the build list" as your check. This piece on reclaiming pre-submission self-audits covers the other items that quietly vanish when Xcode is not in the loop.
Fold it into the setup, once
You set this key once per app, for the lifetime of the app. Which means the cheapest moment to do it is right when you create the project — same pass as the bundle ID, the version string, the icon.
So: open the app.json of whatever Rork project is on your screen right now (or Info.plist, on Rork Max) and look for usesNonExemptEncryption. If it isn't there, add the line, run prebuild, and call it a day. For the wider release path, the two-click publishing walkthrough picks up from there.
Small recurring warnings are the ones that never get fixed. Clearing them one at a time has made shipping feel noticeably lighter for me — I hope it does the same for you.
Share
Thank You for Reading
Rork Lab is ad-free, supported entirely by members like you. We publish practical guides daily with implementation code, benchmarks, and production-ready patterns. If you've found it useful, we'd love to have you on board.