Export Compliance

If you're new to the world of US export laws, you may wonder why they may apply to your Google Play application in the first place. Your application will be hosted on Google servers. Google Inc. is a US company, and the United States government considers it an export when someone outside the US downloads software from our servers. Because of this, your application may be subject to US export laws, including an arcane labyrinth of rules about software that uses encryption (among other things) -- even if you're not located in the US or a US national.

Which exact rules apply to your particular application? It depends. Although we can't provide you with any legal advice, we can give you some general background about export controls and point you to some helpful resources from your friends in the US government.

Even if you've open sourced your application, it may still be subject to the export regulations. Your application may make use of encryption. Even if your application doesn't contain a crypto library, it may call up crypto functionality in another program. Under the US Commerce Department's regulations, there are different categories of encryption software (like publicly available, authentication, digital signature, mass market, and ancillary), and different rules apply to each type.

Under US export laws, Google Play applications may be prohibited from transfers to embargoed countries. Accordingly, Google blocks downloads to these countries.

"We're from the government, and we're here to help." Old jokes aside, the US government does offer advice and resources for you. This is by no means an exhaustive list (it's up to you to determine your compliance requirements, remember?), but here are a couple of good places to start your homework:

http://www.bis.doc.gov/index.htm
http://www.bis.doc.gov/index.php/policy-guidance/encryption (this link provides contact information for export officials who can provide you more detailed guidance)