diff --git a/meta-ohos-core/recipes-extended/zip/zip_%.bbappend b/meta-ohos-core/recipes-extended/zip/zip_%.bbappend
new file mode 100644
index 0000000000000000000000000000000000000000..d064d4997264e62b1d91a2171496472477b5fa1b
--- /dev/null
+++ b/meta-ohos-core/recipes-extended/zip/zip_%.bbappend
@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+# zip uses some #define trickery that triggers warnings with
+# -Wformat-nonliteral.
+# This has been verified to be harmless in 3.0.
+#
+# Removing -Werror=format-nonliteral here allows us to use
+# -Werror=format-nonliteral globally in OPTIMIZE_FOR=security mode
+# while keeping zip building.
+
+TARGET_CFLAGS_remove = "-Werror=format-nonliteral"