Resolving ITMS-91055: Invalid API Reason Declaration Error for TestFlight Submission
search cancel

Resolving ITMS-91055: Invalid API Reason Declaration Error for TestFlight Submission

book

Article ID: 376270

calendar_today

Updated On:

Products

CA Strong Authentication

Issue/Introduction

When submitting your app to TestFlight for review, you may encounter the following error message from Apple Developer Relations:

Error Message:

ITMS-91055: Invalid API Reason Declaration - The PrivacyInfo.xcprivacy file at the “Frameworks/AAFoundation.framework/PrivacyInfo.xcprivacy” path contains “C617.1” as the value for a NSPrivacyAccessedAPITypeReasons key instead of a valid reason code for using an API in the NSPrivacyAccessedAPICategoryUserDefaults category. Values for NSPrivacyAccessedAPITypeReasons keys in any privacy manifest must be valid reason codes for the corresponding API category.

This error is typically associated with the PrivacyInfo.xcprivacy file in the AAFoundation.framework, indicating that the reason code provided is invalid according to Apple's guidelines.

Environment

CA Strong Authentication 9.1

Cause

The issue arises due to a misconfiguration in the privacy manifest file (PrivacyInfo.xcprivacy) within the framework. Specifically, the value for the NSPrivacyAccessedAPITypeReasons key does not match a valid reason code as required by Apple for using an API in the NSPrivacyAccessedAPICategoryUserDefaults category.

Additionally, it was identified that the signing certificate for the framework was revoked by the certificate owner, which can cause further complications during the submission process.

Resolution

To resolve this issue, you need to re-sign the affected framework using a valid Apple Distribution certificate. Below are the steps to do this:

  1. Re-Signing the Framework:

    • Use the following command in the terminal to re-sign the RiskAuthDeviceDNAFramework.xcframework with a valid Apple Distribution certificate:
    • codesign --deep -s "Apple Distribution: <certificate name>" -fv RiskAuthDeviceDNAFramework.xcframework
    • Replace <certificate name> with the actual name of your valid Apple Distribution certificate.

    Example:

             codesign --deep -s "Apple Distribution: ABC, Inc (NAME)" -fv RiskAuthDeviceDNAFramework.xcframework

  1. Re-upload the Binary:

    • After re-signing the framework, upload the new binary to App Store Connect and submit it for TestFlight review.

  2. Alternative Solution:

    • If you are unable to re-sign the framework yourself, contact your support representative to have the SDK re-signed with a new certificate. Once re-signed, the SDK will be provided to you for submission.

Additional Information

  • A re-signed version of the SDK has been uploaded to KB article for immediate use. You can use this to proceed with app submission.

  • Important: There are no code changes in this SDK, hence the version number remains the same. However, discussions are underway with the engineering lead to upload this re-signed version to the official software repository for future use.

For further details on this Apple policy, including a list of required reason APIs and approved usage reasons, please visit the Apple Developer Documentation.

Attachments

Updated sign.zip get_app
Powered by Wolken Software