Apple App Store Connect Missing Compliance Info for Encryption - Export Compliance Metadata Fix

Problem - Missing compliance info for encryption

You upload an iOS build to App Store Connect (often from Xcode, Unity Cloud Build, or a CI pipeline). Processing finishes, but the build shows Missing Compliance or Apple asks you to provide export compliance information before TestFlight testers can install or before App Review can proceed.

You may see wording similar to:

• Missing Compliance on the build row
• A prompt to describe your app's encryption
• A requirement to answer export compliance questions for each binary

This is not a code bug. It is metadata and legal classification for how your app uses cryptography under export rules. Games still hit it constantly because middleware, analytics, and multiplayer stacks almost always use TLS or other encryption.

Why this happens

Apple must record whether your app uses encryption that falls under export administration rules. Until that record exists for a specific build, App Store Connect blocks distribution for that build.

Common triggers:

1. First build for the app or first build after a long gap where questionnaires were never completed.
2. Info.plist does not declare ITSAppUsesNonExemptEncryption, so Apple cannot auto-assume exempt-only usage.
3. Your app does use custom or non-standard crypto (voice obfuscation, bespoke protocols, VPN features) but the questionnaire was answered like a simple HTTPS client.
4. A new binary uploaded without reusing prior compliance answers when Apple expects an update.

Fix - Fast path for typical games (HTTPS and standard stacks)

Most Unity games that only use HTTPS/TLS for APIs, store SDKs, and normal platform services can declare exempt encryption and unblock quickly.

Step 1 - Answer the questionnaire in App Store Connect

1. Open App Store Connect → your app → TestFlight (or Distribution / App Store tab depending on layout).
2. Select the build that shows Missing Compliance.
3. Click Manage / Provide Export Compliance Information (labels vary slightly).
4. For a typical consumer game using standard encryption only (HTTPS, Apple APIs, platform TLS), answer that the app uses encryption in a form that qualifies for exemption under applicable rules, following Apple's on-screen definitions.
5. Save. Wait for the build row to clear Missing Compliance (refresh after a minute).

Pro tip: Keep a short internal note of exact answers you used so the next build does not stall while someone guesses what the last producer selected.

Step 2 - Add ITSAppUsesNonExemptEncryption to your iOS Info.plist

If you only use exempt categories (again: typical HTTPS client behavior, no custom strong crypto), set the plist flag so future uploads inherit a clear default.

Unity (recommended pattern)

1. Open Edit → Project Settings → Player → iOS.
2. Locate Other Settings / Identification (exact grouping depends on Unity version) and find controls related to Encryption or Export Compliance if Unity exposes them for your version.
3. If Unity does not expose a toggle, add the key through an iOS PostProcessBuild script or an Info.plist template Unity merges at build time:

<key>ITSAppUsesNonExemptEncryption</key>
<false/>

That pair means: the app does not use non-exempt encryption as defined for that declaration path. It is the usual pairing for HTTPS-only games when your legal review agrees.

Common mistake: Setting the key to false while the app ships a custom encrypted tunnel, proprietary DRM, or non-exempt features. That mismatch can create serious compliance risk, not just a UI delay.

Step 3 - Re-upload only if Apple still blocks

If the questionnaire is complete but the build still shows compliance issues:

• Confirm you edited the same target and bundle identifier Apple expects.
• Increment build number, produce a new archive, upload again.
• Check for multiple targets (watch companion, extensions) that also need plist keys.

Verification checklist

• App Store Connect build row no longer shows Missing Compliance.
• Internal TestFlight installs succeed on a clean device that was not side-loaded.
• Your Info.plist in the shipped IPA matches what you think you set (inspect the processed app in Xcode Organizer or an archive viewer).
• Legal or production stakeholders signed off on the encryption answers if your game is non-trivial.

Alternative paths when you are not "HTTPS only"

If your product uses custom cryptography, VPN-style tunneling, end-to-end chat you control, or other non-exempt categories:

• Do not force ITSAppUsesNonExemptEncryption to false without counsel.
• Use Apple's questionnaire paths that match actual behavior.
• You may need documentation or filings beyond this article. Treat App Store Connect prompts as a signal to involve whoever owns export compliance for your company.

Prevention

• Add export compliance to your release checklist right next to icons and privacy nutrition labels.
• After Unity or Xcode upgrades, re-open Player Settings and confirm plist merge scripts still run (PostProcessBuild order changes can drop keys).
• For CI uploads, store questionnaire answers in a secure runbook so operators do not improvise under deadline pressure.

Related problems and links

• iOS signing and Cloud Build friction often show up next to compliance stalls. If signing is failing before upload, start with Unity Cloud Build iOS Fails with Xcode 17 Signing Error - Provisioning Profile and Team ID Fix.
• Store purchase flows are separate but nearby operationally. For purchase stuck states, see Unity IAP Purchase Not Completing - In-App Purchase Fix.
• Official Apple reference for the plist key: ITSAppUsesNonExemptEncryption.

FAQ

Does every new build need the questionnaire again?

Not always. Apple often reuses prior answers for the same app when metadata still matches. You still see prompts whenever Apple needs a refresh or when something changed in export classification rules or your declared behavior.

Is HTTPS "encryption" for this form?

Yes. That is why almost every networked game must answer the questions. Many games still qualify for exempt treatment when they only use standard platform mechanisms. Read Apple's definitions in the questionnaire literally rather than assuming.

Where does Unity write the plist?

Unity generates an Info.plist during the iOS build. Use Player Settings, Preprocessor, or PostProcessBuild so the final merged plist contains the keys you intend. Always verify in the built IPA, not only in the Editor UI.

What if I use third-party voice or anti-cheat SDKs?

Treat bundled SDKs as part of your shipped crypto surface. If a vendor says their SDK uses non-exempt encryption, your answers and plist must reflect that. Do not copy another game's answers.

Bookmark this page the first time compliance blocks a milestone. Share it with whoever uploads builds so export compliance stops being a single-person bottleneck.