This appears to have been fixed with Xcode 15.4.

I just checked the status of FB13704428 and the resolution was marked as: Investigation complete - Unable to diagnose with current information. This is a bit unbelievable as this is widely reported over the internet and I can reproduce the issue at will. I have customer's reporting this issue to me as well. And the workaround to making this work is to manually go in and edit the Info.plist file and put in a bogus value that is way greater than the MinimumOSVersion of the containing application??? I would appreciate if other people that are seeing this issue could both comment here, and open your own feedback and include FB13704428 and this forum post.  needs to get this fixed.

Hi @pedroatanasio, We also ship a closed source binary static .xcframework via SPM and Cocoapods and are hitting the issue where apps that consume our SDK aren't getting the PrivacyInfo.xcprivacy file embedded into their application. You mention in your initial post that you have been successful in making this work with both CocoaPods and SPM. Would you mind sharing what your Package.swift file looks like to get this to work? I just had a customer reach out to me stating that they were notified by Apple that they need to provide usage reasons for the required reason APIs and we are not sure how to best get them consuming the PrivacyInfo.xcprivacy file that we have shipped. Appreciate your guidance!

We develop a static .xcframework and ship it as a compiled binary. We have included the PrivacyInfo.xcprivacy file and sign the .xcframework as specified. The first issue that I see is that unless you embed the .xcframework in the app, then the app doesn't contain the PrivacyInfo.xcprivacy file. Being that the framework is already statically linked into the final app executable, embedding the .xcframework seems an odd requirement in and of itself. Secondly, consuming the binary .xcframework via SPM, Xcode doesn't even allow you to embed the static library in the final application. I have just received a report from on of our customers that they were flagged for using a "required reason" API and are not certain how to get our PrivacyInfo.xcprivacy file into their application.