False Alert of non-public symbols from Security.framework

Just pushed a build to AppStore Connect and received the reply below about referenced non-public symbols. Since all of these are as far as I know public and from Security.framework, the message appears to be a false alarm. Correct?


ITMS-90338: Non-public API usage - The app references non-public symbols in Contents/Frameworks/Mixpanel.framework/Versions/A/Mixpanel: _SSLSetEnabledCiphers, _SecCertificateCopyData, _SecCertificateCreateWithData, _SecPolicyCreateBasicX509, _SecPolicyCreateSSL, _SecRandomCopyBytes, _SecTrustCopyPublicKey, _SecTrustCreateWithCertificates, _SecTrustEvaluate, _SecTrustGetCertificateAtIndex, _SecTrustGetCertificateCount, _SecTrustSetAnchorCertificates, _SecTrustSetPolicies, _kSecRandomDefault,The app references non-public symbols in Contents/MacOS/Baby Monitor: _SecCertificateCreateWithData, _SecItemAdd, _SecItemCopyMatching, _SecItemDelete, _SecItemUpdate, _SecKeyGeneratePair, _SecPolicyCreateSSL, _SecTrustCreateWithCertificates, _SecTrustEvaluate, _kSecAttrAccessible, _kSecAttrAccessibleAfterFirstUnlock, _kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, _kSecAttrAccount, _kSecAttrApplicationTag, _kSecAttrCreationDate, _kSecAttrIsPermanent, _kSecAttrKeySizeInBits, _kSecAttrKeyType, _kSecAttrKeyTypeRSA, _kSecAttrLabel, _kSecAttrModificationDate, _kSecAttrService, _kSecClass, _kSecClassKey, _kSecMatchLimit, _kSecMatchLimitAll, _kSecMatchLimitOne, _kSecReturnAttributes, _kSecReturnData, _kSecReturnRef, _kSecValueData, _kSecValueRef. If method names in your source code match the private Apple APIs listed above, altering your method names will help prevent this app from being flagged in future submissions. In addition, note that one or more of the above APIs may be located in a static library that was included with your app. If so, they must be removed. For further information, visit the Technical Support Information at http://developer.apple.com/support/technical/

Best regards,

The App Store Team

Up vote post of enodev Down vote post of enodev
3.3k views
Posted by
enodev
Reply
Add a Comment

Replies

Same problem here with a widely used class to access the keychain (KeychainItemWrapper.m). iOS version passed without issue, but the MacOS version failed due to Non-public API usage, looks like a false alarm but it needs to be fixed by Apple. I sent an email about this problem on 19 Feb, I got a response asking for screenshots(?!!) and I responded back yesterday and waiting for a solution. Let me know if you find a workaround.


ITMS-90338: Non-public API usage - The app references non-public symbols in Contents/MacOS/: _SecItemAdd, _SecItemCopyMatching, _SecItemDelete, _SecItemUpdate, _kSecAttrAccount, _kSecAttrDescription, _kSecAttrGeneric, _kSecAttrLabel, _kSecAttrProtocol, _kSecAttrServer, _kSecClass, _kSecClassInternetPassword, _kSecMatchLimit, _kSecMatchLimitOne, _kSecReturnAttributes, _kSecReturnData, _kSecValueData

Posted by
Starkode
Up vote reply of Starkode Down vote reply of Starkode
Add a Comment

I also ran into this problem. The iOS build runs without problems, the Mac Catalyst version throws an error:


ITMS-90338: Non-public API usage - The app references non-public symbols in Contents/Frameworks/Alamofire.framework/Versions/A/Alamofire: _SecCertificateCopyData, _SecCertificateCreateWithData, _SecPolicyCreateBasicX509, _SecPolicyCreateRevocation, _SecPolicyCreateSSL, _SecTrustCopyPublicKey, _SecTrustCreateWithCertificates, _SecTrustEvaluate, _SecTrustEvaluateWithError, _SecTrustGetCertificateAtIndex, _SecTrustGetCertificateCount, _SecTrustSetAnchorCertificates, _SecTrustSetAnchorCertificatesOnly, _SecTrustSetPolicies,The app references non-public symbols in Contents/Frameworks/GoogleUtilities.framework/Versions/A/GoogleUtilities: _SecTrustEvaluate,The app references non-public symbols in Contents/Frameworks/VK_ios_sdk.framework/Versions/A/VK_ios_sdk: _SecItemAdd, _SecItemCopyMatching, _SecItemDelete, _kSecAttrAccessible, _kSecAttrAccessibleAfterFirstUnlock, _kSecAttrAccount, _kSecAttrService, _kSecClass, _kSecMatchLimit, _kSecMatchLimitOne, _kSecReturnData, _kSecValueData,The app references non-public symbols in Contents/MacOS/Рынок Отношений: _SecItemAdd, _SecItemCopyMatching, _SecItemDelete, _SecItemUpdate, _kSecAttrAccessible, _kSecAttrAccessibleAfterFirstUnlock, _kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, _kSecAttrAccessibleAlways, _kSecAttrAccessibleAlwaysThisDeviceOnly, _kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, _kSecAttrAccessibleWhenUnlocked, _kSecAttrAccessibleWhenUnlockedThisDeviceOnly, _kSecAttrAccount, _kSecAttrApplicationTag, _kSecAttrGeneric, _kSecAttrKeyType, _kSecAttrKeyTypeRSA, _kSecAttrService, _kSecClass, _kSecClassIdentity, _kSecClassInternetPassword, _kSecClassKey, _kSecMatchLimit, _kSecMatchLimitAll, _kSecMatchLimitOne, _kSecReturnAttributes, _kSecReturnData, _kSecReturnPersistentRef, _kSecValueData. If method names in your source code match the private Apple APIs listed above, altering your method names will help prevent this app from being flagged in future submissions. In addition, note that one or more of the above APIs may be located in a static library that was included with your app. If so, they must be removed. For further information, visit the Technical Support Information at http://developer.apple.com/support/technical/

Posted by
plita
Up vote reply of plita Down vote reply of plita
Add a Comment

I am facing the same problem. Any news? Solutions? Workarounds?

Posted by
Tomas Srna
Up vote reply of Tomas Srna Down vote reply of Tomas Srna
Add a Comment

I have the same issue with Alamofire 5


ITMS-90338: Non-public API usage - The app references non-public symbols in Contents/Frameworks/Alamofire.framework/Versions/A/Alamofire: _SecCertificateCopyData, _SecCertificateCreateWithData, _SecPolicyCreateBasicX509, _SecPolicyCreateRevocation, _SecPolicyCreateSSL, _SecTrustCopyPublicKey, _SecTrustCreateWithCertificates, _SecTrustEvaluate, _SecTrustEvaluateWithError, _SecTrustGetCertificateAtIndex, _SecTrustGetCertificateCount, _SecTrustSetAnchorCertificates, _SecTrustSetAnchorCertificatesOnly, _SecTrustSetPolicies.

Posted by
perforator85
Up vote reply of perforator85 Down vote reply of perforator85
Add a Comment

I have the same issue using SAMKeychain. I've tried contacting Apple through several different support routes. Developer support, code leverl support, you name it. I'm having a VERY hard time getting any help or anyone to even acknowledge they understand or will pass this along to the App Store connect development team. Very disappointing.


They keep asking me to clear my web browser history, and this is supposed to be developer support!

Posted by
rsoffer1
Up vote reply of rsoffer1 Down vote reply of rsoffer1
Add a Comment

I just uploaded a new binary and now everything seems to works fine.

Posted by
Starkode
Up vote reply of Starkode Down vote reply of Starkode
Add a Comment

have also experienced this same problem.

Posted by
@johndoe
Up vote reply of @johndoe Down vote reply of @johndoe
Add a Comment