See the following sections for important compliance information for OneSpan Mobile Security Suite.
Apple encryption compliance information
After uploading a branded app to Testflight or the iOS App Store, you are required to answer the Export Compliance question regarding the use of cryptography. Mobile Security Suite uses only the encryption methods available in iOS. Mobile Security Suite does not use any of the following encryption methods:
Encryption algorithms that are proprietary or not accepted as standard by the international standard bodies (IEEE, IETF, ITU, etc.)
Standard encryption algorithms instead of, or in addition to, using or accessing the encryption within Apple's operating system.
Therefore, regarding your app's dependencies from Mobile Security Suite, you can select None of the algorithms above for the Export Compliance question.
You are responsible for reviewing the encryption methods used in your app and all other dependencies to ensure compliance with Apple's guidelines.
Compliance with Federal Information Processing Standards (FIPS)
Mobile Security Suite uses cryptographic libraries that are certified according to NIST FIPS 140-2.
On iOS, Mobile Security Suite uses the Apple native cryptographic libraries, which are FIPS 140-2-validated. For more information, refer to the Apple Support pages about platform certifications.
On Android, Mobile Security Suite relies on the Android cryptographic libraries, typically based on BoringSSL which are also FIPS140-2-validated. For more information, refer to the Cryptographic Algorithm Validation Program site of the National Institute of Standards and Technology’ Computer Security Resource Center.