Our app was recently rejected during review under the Guideline 2.5.1 - Performance - Software Requirements, with the reason that we’re using a non-public API: "pacga" However, based on our investigation: We are not explicitly calling this API in our code or in any linked frameworks. We ran the suggested checks (strings, otool) on the app binary and included frameworks, and found no private API usage. From what we understand, "pacga" is not an API at all, but an ARM64e instruction (Pointer Authentication Code Generate Address) automatically generated by the compiler for devices with ARM64e support (A12 and newer). This is part of Apple’s Pointer Authentication (PAC) security mechanism introduced in iOS 12. Sharing a few references: https://developer.apple.com/documentation/security/preparing-your-app-to-work-with-pointer-authentication https://www.usenix.org/system/files/usenixsecurity23-cai-zechao.pdf https://clang.llvm.org/docs/PointerAuthentication.html#id9 Given this, we suspect the rejection might be a false positive triggered by the presence of this instruction in the compiled binary rather than actual private API usage. Has anyone else run into a similar rejection recently? If so, how did you resolve it with App Review? Thanks in advance.