Skip to main content
X

Send us a Topic or Tip

Have a suggestion for the blog? Perhaps a topic you'd like us to write about? If so, we'd love to hear from you! Fancy yourself a writer and have a tech tip, handy computer trick, or "how to" to share? Let us know what you'd like to contribute!

Thanks for reaching out!

Apple: Developers Should Validate Their Copy of Xcode

Xcode iconIf you use Xcode to write apps for any Apple device, the company wants you to validate your version of Xcode and make sure that you never download a copy from anywhere else. Rocket Yard readers are probably aware of recent news stories that a counterfeit version of Xcode known as XcodeGhost was injecting malicious code into apps that ended up on the App Store. As a result, Apple had to remove over 5,000 malware-laden apps from the App Store.

To keep this from happening again, Apple recommends that developers download Xcode directly from the Mac App Store or Apple Developer website, and also leave Gatekeeper enabled on all systems to protect against software that has been tampered with.

To validate a copy of Xcode, there’s a simple command that can be run in Terminal on a system that has Gatekeeper enabled:

spctl --assess --verbose /Applications/Xcode.app

/Applications/ is the directory where you have Xcode installed, so you may need to change this. Running this check can take several minutes, after which a result of “accepted” should be visible in Terminal:

Validating Xcode in Terminal

If a result other than “accepted” or a source other than “Mac App Store”, “Apple System” or “Apple” appears, delete Xcode and download a new copy from the Mac App Store or Apple Developer

Steve Sande
the authorSteve Sande
Contributing Author
Steve has been writing about Apple products since 1986, starting on a bulletin board system, creating the first of his many Apple-related websites in 1994, joining the staff of The Unofficial Apple Weblog in 2008, and founding Apple World Today in 2015. He’s semi-retired, loves to camp and take photos, and is an FAA-licensed drone pilot.
Be Sociable, Share This Post!

Leave a Reply

5 Comments

  • Xcode 6.2 (6C131e) on OS X 10.9.5 freshly downloaded from App Store today:

    rejected
    source=obsolete resource envelope

    • I have a same probrem.
      Xcode 6.2(6C131e) on OS X 10.10.5 downloaded from App Store on March, 2015.
      rejected
      source=obsolete resource envelope

      Then, I downloaded the same version (Xcode 6.2(6C131e)) from Apple Developer site and installed.
      That’s OK.
      accepted
      source=Apple System

      What’s different?

  • It’s really strange that so many paying developers would be downloading Xcode from sources other than Apple Developer Connection website.

      • This is not surprising in China since the Internet is slow there and people are use to copying-pirating software from sites other than the official site.
        Apple should mandate in OSX that gatekeeper be on for Xcode to run. This way it can block modified versions of Xcode immediately.