App rejected from store during upload

[mkrn]

Describe the bug

My Framework includes amplify-swift which in turn depends on aws-crt-swift

The built app works on device in Debug and Release.

During upload to TestFlight the following error appears:

The app references non-public symbols in Payload/appnew.app/Frameworks/.....MyFramework: _CCCryptorGCMAddAAD, _CCCryptorGCMFinalize, _CCCryptorGCMSetIV (ID: 18f105e0-1452-4a69-b9ee-...)

Steps To Reproduce

Steps to reproduce the behavior:
1. Archive app and upload to App Store
2. See error

Expected behavior

App should upload

Amplify Framework Version

2.21.1

Amplify Categories

API

Dependency manager

Swift PM

Swift version

5.9

CLI version

11.1.1

Xcode version

Version 15.0.1 (15A507)

Relevant log output

<details>
<summary>Log Messages</summary>


INSERT LOG MESSAGES HERE

```

Is this a regression?

No

Regression additional context

No response

Platforms

No response

OS Version

iOS 17.0.1

Device

iPhone 13 pro

Specific to simulators

No response

Additional context

Xcode Version 15.0.1 (15A507)

[atierian]

Thanks for opening this @mkrn. We're investigating.

[mkrn]

Thanks @atierian
I suspected it's because of using openssl here https://github.com/awslabs/aws-crt-swift/blob/main/Source/LibCrypto/shim.h which may have triggered the requirements for encryption documentation in France, but removing France from countries where app is available didn't solve it.

[atierian]

Do you have any other logs or messages that suggest it's coming from aws-crt-swift? If so, please include it here. I'm not seeing anything in the messages you provided that suggest it's coming from aws-crt-swift.

From what I can tell, the /LibCrypto/shim.h you linked above is only included when built on Linux. [reference]

I think this is most likely coming from aws-c-cal, an upstream dependency of aws-crt-swift.

[atierian]

@mkrn can you try using Amplify Swift 2.19.0? It appears that version doesn't have this issue.

We recently updated to a newer version of the AWS SDK for Swift, which pulls in a version of aws-c-cal that references some methods from CommonCrypto/CommonCryptorSPI.h.

[mkrn]

Downgrading solved it! Thanks. FYI going forward it may be an issue in new versions

[atierian]

Glad to hear, thanks for confirming! And yes, this is just a workaround until we can resolve the issue on newer versions. We'll update this issue with any news.

[atierian]

I'm having some difficulties reproducing this. Can you please include some more details:

• Which targets are you linking to your app target? You can find these under Your App Target > General > Frameworks, Libraries, and Embedded Content
  

• Which platforms does your app support, and what are the deployment targets?

• How are you uploading to AppStoreConnect? If you're doing the standard Archive + Distribute through Xcode, which option did you select here?
  

[atierian]

@mkrn could it be that your app target's scheme > Archive > Build Configuration is set to Debug instead of Release? That's the only way I can reproduce what you're seeing.

[mkrn]

@atierian Archive is release, just retried with the new version it is happening still when trying to upload. 2.19.0 not

[atierian]

Thanks for confirming the Build Configuration. Can you please answer the questions from the previous comment? That information will help in reproducing the issue. Thanks!

[maxchuquimia]

I have just experienced this after updating from 2.18.2 to 2.2.21 when uploading an archive via xcrun altool --upload-app.

We link against the package from another Swift Package via our Package.swift.

[mkrn]

My app includes my framework which in turn uses Amplify via Package Manager

Uploading using XCode Archive + Distribute through Xcode=> TestFlight & App Store option

Platforms & Deployment targets:

[atierian]

Thanks for the details @mkrn.

And thanks @maxchuquimia for letting us know that you're also experiencing this. You mentioned:

We link against the package from another Swift Package via our Package.swift.

Can you tell me some more about how this is setup -- is your app target dynamically linking a framework that contains Amplify?

[atierian]

I was able to reproduce by including Amplify (+ plugin targets) in a framework and linking that framework in my app target. We're continuing to investigate.

Two workarounds that are known at this time:

• Use Amplify Swift <= 2.19.0
• Statically link Amplify targets against your app instead of embedding them in a framework first.

[atierian]

linking related issue in aws-crt-swift

• Access to private Apple APIs prevents acceptance to App Store awslabs/aws-crt-swift#206

[maxchuquimia]

Can you tell me some more about how this is setup -- is your app target dynamically linking a framework that contains Amplify?

Our app's Xcode project target doesn't contain all our app's code. Instead, we have a local Swift Package MyApp with our code (main scene, AppDelegate etc). The classes from MyApp are then used when our app launches.

MyApp's Package.swift is what defines our dependency on Amplify:

products: [
    .library(
        name: "MyApp",
        type: .dynamic,
        targets: [
            "MyApp
        ]
    ),
],
dependencies: [
    .package(url: "https://github.com/aws-amplify/amplify-swift", exact: "2.18.2"),
    ...
]

[atierian]

Thanks @maxchuquimia. type: .dynamic linking is similar to using a wrapper .framework here in that the unused non-public symbols are being included in the framework within the app bundle.

The underlying cause has been addressed in aws-c-cal / aws-crt-swift and we're working on getting those updates into Amplify Swift. Here's the PR for reference:

• fix: bump swift sdk to 0.26.1 #3333

We'll update here once this is merged and Amplify Swift has been released. Thanks to both of you for reporting this and your assistance in reproducing it.

[atierian]

Amplify Swift 2.21.3 was released with a fix resolving this issue.
Thanks again to both of @mkrn and @maxchuquimia for reporting this!