Can you please enlighten us as to what kind of legal restrictions apply here? It is always interesting to see how these «little» legal details get in the way of running software.
Could it be that the app is using HTTPS? iTunesConnect has all these crazy questions with very little guidance about encryption and export compliance if you say you do use HTTPS.
But seriously, the iTunes connect question specifically excludes stuff like HTTPS using the regular libraries, which is just as well as otherwise pretty much every app would be affected. Legal issue is probably boring IP rights stuff.
It's not that easy. Even the first question in iTunesConnect explicitly states you must answer "yes" even if you just make use of the built-in HTTPS libraries in the OS. If you start digging into the various guidelines you open a can of worms of recursive cross-references between documents and sections. Nowhere have I seen a statement that says "if you just use os HTTPS, you don't have to do anything". At the very least you may have to consider if you have to submit various annual self-classification reports.
For an app like this I could easily see a serious company deciding to skip the hassle and CYA, instead of potentially taking on a huge legal risk. Would you, as a regular worker-bee developer, be OK with personally signing off and accepting a legal risk on behalf of a large company without involving expensive lawyers to evaluate the validity of your opinion on this legalese? Would that be a responsible action to take?