ITMS-90158

I also have been blocked by a sudden failure to upload macOS archives to App Store Connect the past few days, but finally managed to fix it by forcing XCode 16.3 beta to regenerate the provisioning profile(s) of the offending app extensions that uses the App Groups capability. I deliberately include all the steps I took to provide as much detail as possible for anyone else facing the same issue. The exact error I got is as follows (redacted for privacy reasons): ITMS-90286: Invalid code signing entitlements - Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “[group.com.xxx]” value for the com.apple.security.application-groups key in “com.xxx.appname.pkg/Payload/appname.app/Contents/PlugIns/AppNameExtension.appex/Contents/MacOS/AppNameExtension” isn’t supported. This value should be a string or an array of strings, where each string is the “group” value or your Team ID, followed by a dot (“.”), followed by the group name. If you'r

check your email, there is a new requirement ITMS-91061 for Privacy manifests . Your app probably has some 3-rd Party libraries that dont have it.

@elementarteilchen, please see my previous response for how to take action to get your issue ITMS-90863 resolved. Don't forget to post the FB number here. — Ed Ford,  DTS Engineer

I’m having the same problem, only with another Lib: This is what the E-Mail from Apple sais about my App: Although delivery was successful, you may want to correct the following issues in your next delivery. Once you've corrected the issues, upload a new binary to App Store Connect. ITMS-90863: Macs with Apple silicon support issue - The app links with libraries that aren’t present in macOS: /usr/lib/swift/libswiftWebKit.dylib And I notice that the App can’t be installed on my Mac via Testflight. The latest AppStore version of the App can be installed on the Mac (from with the AppStore). I’m not sure when exactly the issue has started, but there are other threads in the Apple developer forum where developers have the very same problem: https://developer.apple.com/forums/thread/766061 https://developer.apple.com/forums/thread/756325 https://developer.apple.com/forums/thread/771068

even with the already uploaded binary, cannot get it to be reviewed... The status of your app has changed to Invalid Binary. Please correct the following issues and upload a new binary to App Store Connect. ITMS-90286: Invalid code signing entitlements - Your application bundle’s signature contains code signing entitlements that aren’t supported on macOS. Specifically, the “[group.com.

@HirakDesai , see Handling ITMS-91061: Missing privacy manifest.

UPDATE : I was able to narrow down my metadata errors vaslty. The only error that sustains is as follows. Package Summary: 1 package(s) were not uploaded because they had problems: /Users/isseyyohannes/Desktop/ALGORA_Performance.itmsp - Error Messages: ERROR ITMS-3000: Line 16 column 15: element versions not allowed here; expected the element end-tag or element metadata_token at XPath /package/versions ERROR ITMS-3000: Package null failed schema validation. [2025-02-20 12:23:44 EST] DBG-X: Returning 1 This is the structure of my metadata file. GL5BCCW69X GL5BCCW69X ALGORA_Performance.pkg ALGORA Performance Trading made easy. This app is optimized for macOS trading. Any insight on to what I may be doing wrong in my metadata.xml file would be appreciated. Thank you. Note : md5 was hidden on purpose.

I encountered the same issue. I received an email from Apple stating that the app was rejected due to ITMS-91061: Missing privacy manifest in third-party SDKs. The list of affected SDKs is as follows: https://developer.apple.com/support/third-party-SDK-requirements.

Do you have the complete report to see the list of dependencies? The error message 'ITMS-91061: Missing privacy manifest' indicates that your iOS app is missing the necessary privacy manifest files for certain features you are using in your app. The privacy manifest files are required to disclose how your app uses sensitive user data, such as location, contacts, photos, etc. In your case it seems like is a third party library. Third-party frameworks also require a privacy manifest and signature. It seems like your report is asking for the privacy manifest for GoogleDataTransport that may be a dependency. Check all their dependencies for GoogleToolboxForMac. https://developer.apple.com/support/third-party-SDK-requirements/ Please refer to the link provided above. The library you are currently using, GoogleToolboxForMac as well as GoogleDataTransport, is included in the list. It seems by the error that could be one of the dependencies. Do you have the complete report? The third-party library you receiv

Same Here ITMS-91061: Missing privacy manifest - Your app includes “Frameworks/FirebaseCore.framework/FirebaseCore”, which includes FirebaseCore, an SDK that was identified in the documentation as a commonly used third-party SDK. If a new app includes a commonly used third-party SDK, or an app update adds a new commonly used third-party SDK, the SDK must include a privacy manifest file. Please contact the provider of the SDK that includes this file to get an updated SDK version with a privacy manifest. For more details about this policy, including a list of SDKs that are required to include signatures and manifests, visit: https://developer.apple.com/support/third-party-SDK-requirements.