I was searching the web for this for some hours. Actually it is pretty easy and you can verify this in itunes connect:
1. All you have to do
If your app uses only HTTPS or uses encryption only for authentication, tokens, etc., there is nothing you have to do, just include
<key>ITSAppUsesNonExemptEncryption</key><false/>
in your Info.plist and you are done.
2. Verification
You can verify this in itunes connect.
- select your app
- chose features
- chose encryption
- click “+”
- follow the dialog
- for https or authentication the answer is yes and yes
3. Year-end self classification report
As is written in the dialog in 2., you still need to submit a year-end self classification report:
If you are making use of ATS or making a call to HTTPS please note
that you are required to submit a year-end self classification report
to the US government. Learn more
You can check How do I submit a Self Classification Report for Encryption Items and this SO question https://stackoverflow.com/a/48462458/276648 .
In any case you should of course read yourself carefully through the dialog.
A very helpful article can be found here: