https://developer.apple.com/news/?id=3d8a9yyh
In the above, in "uploading new apps and updating published apps" after May 1st, “And if you add a new third-party SDK that’s on the list of commonly used third-party SDKs, these API, privacy manifest, and signature requirements will apply to that SDK.” "Make sure to use a version of the SDK that includes its privacy manifest and note that signatures are also required when the SDK is added as a binary dependency." There is a description above. Our app uses the SDK (Alamofire) listed in the list, and a new version that is compatible with the Privacy Manifest has been released, but the SDK signature has not yet been completed. The embedded methods provided by Alamofire (CocoaPods and Carthage) are downloaded in a binary-dependent format and are therefore subject to the above requirements.
■Matters you should check If this continues, there is a risk that when we release our app after May 1st, it will be rejected because the SDK signature has not been applied. Currently, there is no indication that Alamofire will support this, so we understand that the requirements can be met by signing and releasing the code using the codesign command on our side. Am I correct in my understanding? Furthermore, since Alamofire is licensed by MIT, developers can modify it, so any developer can sign it.
We look forward to hearing from you.