RORK LABJP
TOOLING — Rork's developer repos keep moving: rork-xcode was updated on July 16, rork-device on July 15, and rork-plist on July 13OPUS46 — Claude Opus 4.6 is live in Rork, and Rork Max is built to assemble apps on top of Claude CodeSIM — A cloud iOS simulator runs in the browser, with one click to install on a device and two clicks to publish to the App StoreMAX — Rork Max emits pure Swift rather than React Native, reaching iPhone, iPad, Apple Watch, Apple TV, Vision Pro, and even iMessageNATIVE — That opens up HealthKit, ARKit and LiDAR, NFC, Dynamic Island, Live Activities, 3D through Metal, and on-device inference with Core MLSEED — Rork raised a $15M seed led by Left Lane Capital, with Peak XV and a16z Speedrun joining the roundTOOLING — Rork's developer repos keep moving: rork-xcode was updated on July 16, rork-device on July 15, and rork-plist on July 13OPUS46 — Claude Opus 4.6 is live in Rork, and Rork Max is built to assemble apps on top of Claude CodeSIM — A cloud iOS simulator runs in the browser, with one click to install on a device and two clicks to publish to the App StoreMAX — Rork Max emits pure Swift rather than React Native, reaching iPhone, iPad, Apple Watch, Apple TV, Vision Pro, and even iMessageNATIVE — That opens up HealthKit, ARKit and LiDAR, NFC, Dynamic Island, Live Activities, 3D through Metal, and on-device inference with Core MLSEED — Rork raised a $15M seed led by Left Lane Capital, with Peak XV and a16z Speedrun joining the round
Articles/Dev Tools
Dev Tools/2026-05-27Intermediate

Killing the Recurring iOS Missing Compliance Warning in Rork with One Info.plist Key

Walks through why every Rork-built iOS upload shows a yellow Missing Compliance flag on TestFlight, and how a single ITSAppUsesNonExemptEncryption key in your app.json removes it for good. Written from the perspective of an indie developer shipping six wallpaper apps in parallel.

Missing ComplianceITSAppUsesNonExemptEncryptionTestFlight11App Store Connect10iOS109Info.plist5Expo149Rork515Export Compliance

Open the TestFlight tab in App Store Connect right after uploading a Rork-built iOS binary and you will almost certainly see a yellow Missing Compliance marker. Click Manage and Apple asks whether your app uses encryption. Almost every developer hits this on their first iOS submission. As an indie developer who has been shipping iOS apps since 2014 and running on AdMob revenue, I used to answer that dialog by hand for years before I realized it can be defused permanently with a single line in Info.plist.

Leaving the flag in place blocks external TestFlight distribution and any App Store submission, so for someone with 50M+ cumulative downloads across a Dolice catalog of wallpaper and utility apps, this is the kind of pothole you want to fill on the very first release. Here is how the warning is generated, how to add the right Info.plist key from a Rork project, and how to clean up the builds that already shipped with the flag attached.

Why Missing Compliance keeps appearing

iOS apps fall under the US Export Administration Regulations because they ship encrypted communication around the world. App Store Connect's Manage panel is Apple's front end for collecting the information they need on your behalf.

The form really asks two questions. Does your app use encryption at all? And if it does, does that encryption fall into one of the exemptions defined by the regulation? Hitting Skip does not answer either question, it only defers them, so the same panel comes back for the next build, the next tester invite, and every submission attempt.

The important nuance is that HTTPS, iOS system APIs, and basic local hashing for credentials are all on the exempt side of Apple's published guidance. A Rork project that talks to your backend over fetch(), lets AdMob fetch ads over TLS, or pulls Remote Config from Firebase falls comfortably inside the exempt bucket. Most Rork wallpaper apps, utility apps, and AI chat apps end up in that same category, which means we can declare the exemption mechanically in Info.plist instead of clicking through the dialog every release.

The one key that ends the loop

The Info.plist key Apple provides for the permanent answer is ITSAppUsesNonExemptEncryption. The phrasing is slightly backwards from intuition, so read it carefully.

  • false means "I do not use any non-exempt encryption." The dialog disappears.
  • true means "I use non-exempt encryption." You then have to register an ECCN and file annual reports.
  • Omitting the key forces the manual prompt every time.

The decision rule is simple. If your app does not bundle a custom encryption library and does not sell encryption as a feature, false is the right answer for the vast majority of Rork apps. Wallpaper apps, utilities, lightweight AI chat front ends, and most AdMob-monetized apps fall into this bucket because everything they do flows through standard HTTPS or Apple's CryptoKit. I usually double check the export compliance FAQ for any new SDK before flipping the switch, just to keep my own house clean.

Setting it from a Rork project

Rork builds iOS through Expo's app.json (or app.config.js), so you never have to touch the Xcode Info.plist file directly. The right place is the ios.infoPlist block:

{
  "expo": {
    "name": "MyApp",
    "slug": "my-app",
    "version": "1.4.0",
    "ios": {
      "bundleIdentifier": "com.example.myapp",
      "buildNumber": "1",
      "infoPlist": {
        "ITSAppUsesNonExemptEncryption": false
      }
    }
  }
}

Write the value as the JSON literal false, not the string "false". Plist generators preserve string values verbatim, and Apple's checker only treats the actual boolean as a valid answer. This is the first thing I trip on whenever I copy a snippet from somewhere, and I have watched several friends doing indie dev hit exactly the same wall.

If you prefer app.config.js, the equivalent is straightforward:

export default {
  expo: {
    name: "MyApp",
    ios: {
      infoPlist: {
        ITSAppUsesNonExemptEncryption: false,
      },
    },
  },
};

After saving, kick off your next build (eas build --platform ios --profile production for EAS, or just rerun the Rork cloud build) and the new binary will carry the key.

Clearing builds already on App Store Connect

The Info.plist change only affects future builds, so any binary that is already sitting in TestFlight with a yellow flag needs to be cleared manually before you can hand it to external testers or submit it to the store.

Open the build in TestFlight, click Manage next to Export Compliance Information, and answer:

  • "Does your app use encryption?" — Yes
  • "Does your app qualify for any of the exemptions?" — Yes
  • "Does your app implement any standard encryption algorithms instead of, or in addition to, using or accessing the encryption within Apple's operating system?" — No

That combination matches what an HTTPS-only Rork app is actually doing, and it removes the flag from that specific build. If you genuinely ship custom cryptography, this is the place to switch to Yes and start the ERN and annual self-classification process instead.

Annual self-classification, in one paragraph

The yearly BIS self-classification report only becomes relevant if you flip the key to true. The Apple-side guidance is that a false answer means you do not need to file. I keep two streams in my own catalog: HTTPS-only apps go straight to false and never see the dialog again, while the small number of apps that ship custom encryption get the annual filing as a separate workflow. The mistake I want to avoid is leaving everything at Skip out of caution, because then every release waits on manual approval.

Verifying the fix

Build, upload, and check the new build under Activity or the TestFlight tab. The right-side flag should not appear, and you should be able to assign the build to an external testing group without a Manage prompt. If you upload from Xcode directly, you can open ios/MyApp/Info.plist and look for ITSAppUsesNonExemptEncryption written as <false/> to confirm. When Rork or Expo build caches make the change look like it has not taken effect, a single expo prebuild --clean will rebuild the native project cleanly.

Once the key is in your app.json, Manage drops out of your release workflow for good. In my own pipeline across six wallpaper apps, that one removal alone shaved off a chunk of manual clicking every week. The more often you ship, the more this single line pays off.

If you have an iOS build planned today, add ITSAppUsesNonExemptEncryption: false to ios.infoPlist in your app.json before kicking it off, and watch the next upload land without the yellow flag.

Share

Thank You for Reading

Rork Lab is ad-free, supported entirely by members like you. We publish practical guides daily with implementation code, benchmarks, and production-ready patterns. If you've found it useful, we'd love to have you on board.

  • Copy-paste ready implementation code
  • New advanced guides published daily
  • $5/mo or $10 for lifetime access
View Membership →

If you found this article helpful, a small tip ($1.50) would mean a lot to us. Your support helps keep this site ad-free and covers server and hosting costs.

Related Articles

Dev Tools2026-05-21
Rork iOS App Rejected with ITMS-90683 on TestFlight — How to Fix Missing Purpose Strings via app.json
If your Rork-built iOS app passes upload but gets an email titled ITMS-90683: Missing Purpose String in Info.plist, this guide walks through the real cause and the permanent fix via app.json, based on 12 years of shipping personal iOS apps with the same problem appearing across new SDK updates.
Dev Tools2026-06-29
Handling iOS Limited Photo Library Access in a Rork (Expo) App
Handle iOS limited photo library access (selected photos only) correctly in a Rork (Expo) app. Covers the three states of full / limited / denied, designing a screen that works from the selected subset, and a path to add more photos, all with working code.
Dev Tools2026-06-26
Import the User's Own Image From the Files App in a Rork App, Without the URL Going Stale
Pull images from the Files app or iCloud Drive and the URL you picked goes invalid moments later. Here is how expo-document-picker, security-scoped URLs, and a reliable copy into your sandbox actually work, with running code.
📚RECOMMENDED BOOKS
Build a Large Language Model (From Scratch)
Sebastian Raschka
LLM Dev
Prompt Engineering for LLMs
Berryman & Ziegler
Prompting
AI Engineering
Chip Huyen
AI Eng
* Contains affiliate links
See all →