Judopay / JudoKit-iOS

MIT License

App Store review issue - Missing signature for OpenSSL framework #246

Closed alexeytarasoff closed 1 week ago

alexeytarasoff commented 3 weeks ago

Hello,

We have trouble with App Store review:

ITMS-91065: Missing signature - Your app includes “Frameworks/OpenSSL.framework/OpenSSL”, which includes BoringSSL / openssl_grpc, an SDK that was identified in the documentation as a privacy-impacting third-party SDK. If a new app includes a privacy-impacting SDK, or an app update adds a new privacy-impacting SDK, the SDK must include a signature file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a signature. For details about verifying the code signature for a third-party SDK, visit: https://developer.apple.com/documentation/xcode/verifying-the-origin-of-your-xcframeworks.

Your Judo SDK depends on the third-party SDK OpenSSL 1.1.2200, which has no manifest and signature.

Starting in spring 2024, you must include the privacy manifest for any SDK listed below when you submit new apps in App Store Connect that include those SDKs, or when you submit an app update that adds one of the listed SDKs as part of the update. Signatures are also required in these cases where the listed SDKs are used as binary dependencies.

OpenSSL is in the list: https://developer.apple.com/support/third-party-SDK-requirements/

Starting May 1: Make sure to use a version of the SDK that includes its privacy manifest and note that signatures are also required when the SDK is added as a binary dependency. https://developer.apple.com/news/?id=3d8a9yyh

Can you help, please? Will there be an update on this issue?

stefan-tudor commented 3 weeks ago

Hi @alexeytarasoff, Thank you for reporting this!

It seems to be a duplicate of this one: https://github.com/Judopay/JudoKit-iOS/issues/245

We're on it, and yes, we will have a new version of the SDK adding privacy manifest files and signed binaries.