-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apple rejects FMDB framework, even though it contains privacy file init. #873
Comments
Are you using CocoaPods? If so, the quickest way to get this fixed is to compile the source files directly into your app. |
Yes, I'm using CocoaPods. |
@ccgus, @tstump-phunware We are not facing the issue with archiving as reported at #872. Do you think the Apple rejection we are seeing is related to the PR raised which is likely to address the concern from Apple? Many customers have reported the Apple rejection reported here. @ccgus request you to prioritize the request so that the concern from Apple is addressed. We have tried several ways to place the privacy file outside the bundle assuming that was the reason for failure. Also the privacy file for FMDB has no values against keys for Privacy Accessed API types. Is the privacy file incomplete here? |
@lokii49 -- The code signing signature issue is something specific to closed source libraries, which are typically distributed as pre-built .xcframeworks (my company does this). @ccgus was asking if you use CocoaPods because that would mean you're bringing in FMDB as source code. In this scenario, you don't need a third-party code signature. Xcode will code sign the frameworks it creates when compiling each installed third-party library from within your project. Quinn from the Apple Developer forums confirms the code signature requirements in a recent thread. @SrinivasGourarum -- If you are using CocoaPods to install your dependencies as source code, you can provide an app-level privacy manifest file to cover for any source-code dependencies that are missing one. This is not ideal, but I've been doing it as a workaround until #872 lands in a release. Also, FMDB is a lightweight wrapper around SQLite and doesn't use anything that would be deemed necessary to report within the privacy manifest file. |
Thanks @tstump-phunware for the suggestion. We will give it a try. @ccgus we have received another related rejection against FMDB framework. ITMS-90338: Non-public API usage - The app references non-public selectors in Frameworks/sample.framework/sample(name changed): setShouldCacheStatements:. If method names in your source code match the private Apple APIs listed above, altering your method names will help prevent this app from being flagged in future submissions. In addition, note that one or more of the above APIs may be located in a static library that was included with your app. If so, they must be removed. For further information, visit the Technical Support Information at http://developer.apple.com/support/technical/ The API "setShouldCacheStatements" is part of FMDB which we were consuming. Please consider renaming as you try and address the app rejection as part of 2.7.12 version. |
Alright, a new version is up on CocoaPods which should fix the problem with SQLCipher and the privacy manifest. @SrinivasGourarum You should push back on the rejection. FMDB is used by hundreds (if not thousands) of apps in the App Store without having to rename method. |
We have consumed 2.7.12, tried submitting the app but still apple rejects it with the same reason. For now we will use FMDB as a source, please look in to. |
@lokii49 I think you'll need to provide a small sample project demonstrating how this library is being integrated into your app. Since you're using CocoaPods, please share the details of your Podfile as well. Finally, share what version of Xcode you're using. |
App got rejected with below reason:
ITMS-91065: Missing signature - Your app includes “Frameworks/FMDB.framework/FMDB”, which includes FMDB, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. If a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a signature file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a signature. For details about verifying the code signature for a third-party SDK.
Please help me out, how can I resolve this?
The text was updated successfully, but these errors were encountered: