App Store Connect reports "ITMS-91061: Missing privacy manifest" for OpenSSL.xcframework
#29,072 opened on Nov 5, 2025
Repository metrics
- Stars
- (30,157 stars)
- PR merge metrics
- (No merged PRs in 30d)
Description
When submitting an app to TestFlight / App Store Connect that embeds OpenSSL.xcframework, Apple rejects the binary with the following warning:
ITMS-91061: Missing privacy manifest – Your app includes "Frameworks/OpenSSL.framework/OpenSSL", which includes BoringSSL / openssl_grpc, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, the SDK must include a privacy manifest file.
I have confirmed that:
- The project embeds OpenSSL.xcframework correctly under Frameworks, Libraries & Embedded Content (Embed & Sign).
- The xcframework builds successfully for ios-arm64 and ios-arm64_x86_64-simulator.
- A valid PrivacyInfo.xcprivacy file exists at the root of the xcframework.
- A placeholder signature.json is also present at the root.
- The issue persists even after a clean build, re-archive, and re-upload.
Item: Details OpenSSL build: OpenSSL.xcframework (3.x branch) Distribution: App Store Connect → TestFlight Xcode version: 16.4 (Build 16F6) macOS version: macOS Sonoma Target SDK: iOS 17+ Error from Apple: ITMS-91061: Missing privacy manifest Framework embed method: Dynamic XCFramework (Embed & Sign) Attempted fixes: Added custom PrivacyInfo.xcprivacy and signature.json — no effect
Expected Behavior The xcframework should include an official PrivacyInfo.xcprivacy and signature.json so developers can distribute apps using OpenSSL without App Store rejection.
Suggested Resolution
Please:
Add a default PrivacyInfo.xcprivacy (indicating no user data collection).
Provide a valid Apple-signed signature.json generated with Xcode 15.3+ using xcodebuild -sign-xcframework.
Publish the updated OpenSSL.xcframework (and/or OpenSSL-Universal CocoaPod) containing both files.
Reference
Apple’s third-party SDK requirements: 🔗 https://developer.apple.com/support/third-party-SDK-requirements/
Reporter Name: Fiaz Hussain SDK: CognetIdentityKit (uses OpenSSL internally) Contact: fiazhussaiin623@gmail.com