Hi, I have some doubts about certificate expiration given this "new" requirement around signing for some common third-party SDKs:
https://developer.apple.com/support/third-party-SDK-requirements/
Use case:
- I build an SDK that will be distributed as an XCFramework and will be used in App Store apps from different people.
- My SDK internally uses some other third-party libraries that are integrated as binaries.
- Let's assume some of those third-party libraries are from the list above and therefore seem to be required to be signed.
- I distribute my SDK with everything in order (third-party SDKs from that list with valid signatures).
- Over time, people using my SDK provide an update to their apps on the App Store, but by then some of the third-party libraries of my SDK have an expired certificate.
What would happen?
- People using my SDK won't have any issues as long as my SDK has a valid signature (despite third-party libraries from the list having expired signatures).
- People using my SDK will get a warning about it but will still be able to submit to the App Store. In that case, would the App Store Review process decline the update?
- People using my SDK will get an error, will not be able to submit to the App Store, and will require from me an updated version of the SDK with those third-party libraries re-signed.
My understanding is that all would work as long as my SDK has a valid signature (after all, it is the one taking responsibility for the code inside), independently of what happens with the signatures of those libraries themselves. Am I correct?