In order to facilitate management, we integrate some SDKs such as Firebase into one of our own internally used SDKs. Recently, when submitted to the appstore, we were prompted that FirebaseCrashing included in the SDK lacked the necessary signature (ITMS-91065).
The information that can be confirmed is that after packaging the SDK through secondary packaging, the original signature is lost. And we have a static reference.
So what I want to ask is whether we can only manually sign our secondary packaging sdk (the signature is our own certificate different from the original Firebase) to solve this ITMS-91065 problem.
According to the description of the Apple Developer Conference, Apple only verifies the consistency and security of the SDK and does not record the signature of each SDK on Apple's servers. Therefore, you should only need to ensure that the SDK is in a signed state to comply with Apple's review requirements. (My guess is still being verified)
zhaojb
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Post
Replies
Boosts
Views
Activity
Hello, I have a problem.
Our app is based on a set of javascript cross-platform development framework, which includes bridging and packaging of the Foundation Framework. This bridging and packaging itself does not make any API calls, but it contains almost all security APIs. This In this case, does this Framework, which is only used as a bridge, need to add a privacy manifest statement? But since it does not make any API calls, how should I fill in the content?