Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apple rejects FMDB framework, even though it contains privacy file init. #873

Closed
lokii49 opened this issue Jun 27, 2024 · 9 comments
Closed

Apple rejects FMDB framework, even though it contains privacy file init. #873

lokii49 opened this issue Jun 27, 2024 · 9 comments

Comments

@lokii49
Copy link

lokii49 commented Jun 27, 2024

App got rejected with below reason:
ITMS-91065: Missing signature - Your app includes “Frameworks/FMDB.framework/FMDB”, which includes FMDB, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. If a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a signature file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a signature. For details about verifying the code signature for a third-party SDK.

Please help me out, how can I resolve this?
@ccgus
Copy link
Owner

ccgus commented Jun 29, 2024

Are you using CocoaPods? If so, the quickest way to get this fixed is to compile the source files directly into your app.

@lokii49
Copy link
Author

lokii49 commented Jun 29, 2024

Yes, I'm using CocoaPods.
But didn't get your point, directly into app mean? Can you please help me understand.

@lokii49 lokii49 mentioned this issue Jul 1, 2024
Merged
@SrinivasGourarum
Copy link

@ccgus, @tstump-phunware We are not facing the issue with archiving as reported at #872. Do you think the Apple rejection we are seeing is related to the PR raised which is likely to address the concern from Apple? Many customers have reported the Apple rejection reported here. @ccgus request you to prioritize the request so that the concern from Apple is addressed. We have tried several ways to place the privacy file outside the bundle assuming that was the reason for failure. Also the privacy file for FMDB has no values against keys for Privacy Accessed API types. Is the privacy file incomplete here?
Screenshot 2024-07-01 at 6 33 09 PM

@ghost
Copy link

ghost commented Jul 2, 2024
edited by ghost
Loading

@lokii49 -- The code signing signature issue is something specific to closed source libraries, which are typically distributed as pre-built .xcframeworks (my company does this). @ccgus was asking if you use CocoaPods because that would mean you're bringing in FMDB as source code. In this scenario, you don't need a third-party code signature. Xcode will code sign the frameworks it creates when compiling each installed third-party library from within your project. Quinn from the Apple Developer forums confirms the code signature requirements in a recent thread.

@SrinivasGourarum -- If you are using CocoaPods to install your dependencies as source code, you can provide an app-level privacy manifest file to cover for any source-code dependencies that are missing one. This is not ideal, but I've been doing it as a workaround until #872 lands in a release. Also, FMDB is a lightweight wrapper around SQLite and doesn't use anything that would be deemed necessary to report within the privacy manifest file.

@SrinivasGourarum
Copy link

Thanks @tstump-phunware for the suggestion. We will give it a try.

@ccgus we have received another related rejection against FMDB framework.

ITMS-90338: Non-public API usage - The app references non-public selectors in Frameworks/sample.framework/sample(name changed): setShouldCacheStatements:. If method names in your source code match the private Apple APIs listed above, altering your method names will help prevent this app from being flagged in future submissions. In addition, note that one or more of the above APIs may be located in a static library that was included with your app. If so, they must be removed. For further information, visit the Technical Support Information at http://developer.apple.com/support/technical/

The API "setShouldCacheStatements" is part of FMDB which we were consuming. Please consider renaming as you try and address the app rejection as part of 2.7.12 version.

@ccgus
Copy link
Owner

ccgus commented Jul 3, 2024

Alright, a new version is up on CocoaPods which should fix the problem with SQLCipher and the privacy manifest.

@SrinivasGourarum You should push back on the rejection. FMDB is used by hundreds (if not thousands) of apps in the App Store without having to rename method.

@ccgus ccgus closed this as completed Jul 3, 2024
@lokii49
Copy link
Author

lokii49 commented Jul 4, 2024
edited
Loading

We have consumed 2.7.12, tried submitting the app but still apple rejects it with the same reason. For now we will use FMDB as a source, please look in to.
@ccgus. @tstump-phunware

@ghost
Copy link

ghost commented Jul 8, 2024
edited by ghost
Loading

@lokii49 I think you'll need to provide a small sample project demonstrating how this library is being integrated into your app. Since you're using CocoaPods, please share the details of your Podfile as well. Finally, share what version of Xcode you're using.

@lokii49
Copy link
Author

lokii49 commented Jul 18, 2024

Screenshot 2024-07-18 at 4 37 35 PM This is how we are integrating in our IPA. @tstump-phunware FYI.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ccgus @SrinivasGourarum @lokii49