We're distributing an XCFramework to a customer to create their own apps. With the new XCFramework signing requirements, we have a question with regards the way how to implement it.
We're using a few of the frameworks on the list https://developer.apple.com/support/third-party-SDK-requirements/ including [AFNetworking], as a dependencies for our framework.
We are building those frameworks from source code and not using any binaries provided by any third-party. We also modify the open source code, so that it is different from the original open source code in a way so that it won't lead to runtime conflicts in case the customers is including similar frameworks in their application. We're using those derivatives of the open source frameworks as a statically linked libraries to our SDK.
Questions:
- Do we need to sign the third party frameworks of which we have cloned source code and using it within our SDK Framework?
- Is it required that the XCFramework built this way is signed when it is delivered to a third party and they use it in their app?