openssl/openssl

App Store Connect reports "ITMS-91061: Missing privacy manifest" for OpenSSL.xcframework

Open

#29,072 opened on Nov 5, 2025

View on GitHub
 (3 comments) (0 reactions) (0 assignees)C (11,262 forks)batch import
help wantedtriaged: bugtriaged: feature

Repository metrics

Stars
 (30,157 stars)
PR merge metrics
 (No merged PRs in 30d)

Description

When submitting an app to TestFlight / App Store Connect that embeds OpenSSL.xcframework, Apple rejects the binary with the following warning:

ITMS-91061: Missing privacy manifest – Your app includes "Frameworks/OpenSSL.framework/OpenSSL", which includes BoringSSL / openssl_grpc, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, the SDK must include a privacy manifest file.

I have confirmed that:

  • The project embeds OpenSSL.xcframework correctly under Frameworks, Libraries & Embedded Content (Embed & Sign).
  • The xcframework builds successfully for ios-arm64 and ios-arm64_x86_64-simulator.
  • A valid PrivacyInfo.xcprivacy file exists at the root of the xcframework.
  • A placeholder signature.json is also present at the root.
  • The issue persists even after a clean build, re-archive, and re-upload.

Item: Details OpenSSL build: OpenSSL.xcframework (3.x branch) Distribution: App Store Connect → TestFlight Xcode version: 16.4 (Build 16F6) macOS version: macOS Sonoma Target SDK: iOS 17+ Error from Apple: ITMS-91061: Missing privacy manifest Framework embed method: Dynamic XCFramework (Embed & Sign) Attempted fixes: Added custom PrivacyInfo.xcprivacy and signature.json — no effect

Expected Behavior The xcframework should include an official PrivacyInfo.xcprivacy and signature.json so developers can distribute apps using OpenSSL without App Store rejection.

Suggested Resolution

Please:

Add a default PrivacyInfo.xcprivacy (indicating no user data collection).

Provide a valid Apple-signed signature.json generated with Xcode 15.3+ using xcodebuild -sign-xcframework.

Publish the updated OpenSSL.xcframework (and/or OpenSSL-Universal CocoaPod) containing both files.

Reference

Apple’s third-party SDK requirements: 🔗 https://developer.apple.com/support/third-party-SDK-requirements/

🔗 https://developer.apple.com/documentation/bundleresources/adding-a-privacy-manifest-to-your-app-or-third-party-sdk

Reporter Name: Fiaz Hussain SDK: CognetIdentityKit (uses OpenSSL internally) Contact: fiazhussaiin623@gmail.com

Contributor guide