If you are using https in your application, you will need to answer yes to this question, even if all you are using is built in mechanisms to communicate over https. The good news is that you no longer need to get the Encryption Registration Number (ERN) - the current requirements (as of August 2017) are that you just need to submit the annual self classification report to the BIS(Bureau of Industry and Security). To submit a self classification report, follow the instructions on item 13 in this FAQ: A sample Self Classification report can be found here.
For a great write up that talks about both sides of the story (apps that only use common / freely available encryption, like SSL, as well as apps that have their own, proprietary encryption, see this Medium post.
Please don't listen to other people who state that they just answer no to this question to make things easier when submitting an app.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
