Apple: Developers Should Validate Their Copy of Xcode

If you use Xcode to write apps for any Apple device, the company wants you to validate your copy of Xcode and make sure that you never download it from anywhere but Apple. Rocket Yard readers are probably aware of recent news stories that a counterfeit version of Xcode known as XcodeGhost was injecting malicious code into apps that ended up on the App Store. As a result, Apple had to remove over 5,000 malware-laden apps from the App Store.

To keep this from happening again, Apple recommends that developers download Xcode directly from the Mac App Store or Apple Developer website, and also leave Gatekeeper enabled on all systems to protect against software that has been tampered with.

To validate a copy of Xcode, there’s a simple command that can be run in Terminal on a system that has Gatekeeper enabled:

spctl --assess --verbose /Applications/Xcode.app

/Applications/ is the directory where Xcode is installed in this example; change the path if your copy lives somewhere else. Running this check can take several minutes, after which a result of “accepted” should be visible in Terminal:

(Screenshot: Validating Xcode in Terminal)

If a result other than “accepted” or a source other than “Mac App Store”, “Apple System” or “Apple” appears, delete Xcode and download a new copy from the Mac App Store or Apple Developer
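
The check described above, scripted so that both the result and the source line are tested rather than read by eye. This is an added example, not code from Apple or the original article: the function names are hypothetical, the sample outputs are constructed, and it assumes spctl reports `<path>: accepted` or `<path>: rejected` followed by a `source=` line.

```shell
#!/bin/sh
# Added example: decide pass/fail from `spctl --assess --verbose` output.
# Function names are hypothetical; sample outputs below are constructed.

# Sources the article lists as acceptable, one per line.
TRUSTED_SOURCES="Mac App Store
Apple System
Apple"

# verdict_from_output TEXT -> prints "ok" or "fail: <reason>", returns 0 or 1.
verdict_from_output() {
    local text result src
    text="$1"
    # Assumed format, line 1: "<path>: accepted" or "<path>: rejected".
    result=$(printf '%s\n' "$text" | sed -n '1s/.*: //p')
    # Assumed format: the source is on its own "source=..." line.
    src=$(printf '%s\n' "$text" | sed -n 's/^source=//p' | head -n 1)

    if [ "$result" != "accepted" ]; then
        echo "fail: result is '${result:-missing}' (source: ${src:-none})"
        return 1
    fi
    # Whole-line fixed-string match, so a source that merely contains
    # "Apple" is not treated as trusted.
    if [ -z "$src" ] || ! printf '%s\n' "$TRUSTED_SOURCES" | grep -Fxq -- "$src"; then
        echo "fail: accepted, but source '${src:-missing}' is not on the list"
        return 1
    fi
    echo "ok"
}

# validate_xcode [PATH] -> runs spctl on a Mac and applies the check above.
validate_xcode() {
    local app out
    app="${1:-/Applications/Xcode.app}"
    command -v spctl >/dev/null 2>&1 || { echo "fail: spctl not found"; return 2; }
    # spctl exits non-zero on rejection; keep the text and judge that instead.
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    verdict_from_output "$out"
}

# Constructed samples, using the two results quoted in the reader comments.
verdict_from_output "/Applications/Xcode.app: accepted
source=Apple System" || true
verdict_from_output "/Applications/Xcode.app: rejected
source=obsolete resource envelope" || true
```

On a Mac, call `validate_xcode` with the path to your Xcode.app; it returns non-zero for anything other than an accepted copy with one of the listed sources.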

Steve Sande
Contributing Author
Steve is the publisher of Apple World Today, a website providing news, reviews and how-tos for the world of Apple, as well as an author on The Rocket Yard. He's an avid photographer, an FAA-licensed drone pilot, and a really bad guitarist.

5 Comments

    • I have the same problem.
      Xcode 6.2(6C131e) on OS X 10.10.5 downloaded from the App Store in March 2015.
      rejected
      source=obsolete resource envelope

      Then, I downloaded the same version (Xcode 6.2(6C131e)) from the Apple Developer site and installed it.
      That’s OK.
      accepted
      source=Apple System

      What’s different?

  • It’s really strange that so many paying developers would be downloading Xcode from sources other than Apple Developer Connection website.

      • This is not surprising in China since the Internet is slow there and people are used to copying-pirating software from sites other than the official site.
        Apple should mandate in OSX that Gatekeeper be on for Xcode to run. This way it can block modified versions of Xcode immediately.