After China malware infiltration, Apple helps developers ensure their Xcode install is legitimate

Apple on Tuesday issued a notice to developers, informing them how they can make sure their copy of Xcode is legitimate — a precaution necessitated by the appearance of malware on the iOS App Store in China.

Those malicious apps were built with a counterfeit version of Xcode, which developers may have been prompted to download from outside sources because of Internet speed and connectivity issues in China. As a result, Apple instructed developers to download Xcode directly from the Mac App Store or from its developer website, and to leave Gatekeeper enabled on all of their systems to protect against tampered software.

Developers can verify their copy of Xcode is legitimate by opening terminal on a Gatekeeper-enabled system and typing the following:

spctl — assess — verbose /Applications/Xcode.app

In the example above, /Applications/ should be the directory where Xcode is installed. The tool can take a few minutes to complete, but if a user has a legitimate copy of Xcode installed from the Mac App Store, it will return the following:

/Applications/Xcode.app: accepted

source=Mac App Store

And for legitimate copies of Xcode downloaded from Apple's developer website, the tool will return either of the following responses:

/Applications/Xcode.app: accepted

source=Apple

/Applications/Xcode.app: accepted

source=Apple System

If the returned result says anything other than "accepted," or the source reads anything other than "Mac App Store," "Apple System" or "Apple," then the application signature is not valid for that copy of Xcode.

Developers who are not running a legitimate copy of Xcode are advised to download a clean copy from the Mac App Store or Apple's developer site, and to recompile their applications before submitting them for review.

Apple confirmed on Sunday that modified versions of Xcode were used to successfully infiltrate malware into the iOS App Store. In all, about 40 infected apps made it through, including WeChat and ridesharing service Didi Kuaidi.

The malicious copies of Xcode were hosted on cloud storage run by China's Baidu, and those copies have since been removed. Developers running a modified version of Xcode would have needed to disable Apple's Gatekeeper security feature in order to run the software.

Chinese developers turn to alternative download sources hosted on local servers, because downloads from Apple's own servers can be very slow within the country.

Follow AppleInsider on Google News

25 Comments

rayz

said about 8 years ago

I was hoping they'd find a way of detecting applications that weren't built with a legit copy of Xcode.

knowitall

said about 8 years ago

[quote name="Rayz" url="/t/188429/after-china-malware-infiltration-apple-helps-developers-ensure-their-xcode-install-is-legitimate#post_2780710"]I was hoping they'd find a way of detecting applications that weren't built with a legit copy of Xcode. [/quote] The best way to detect that is to scan the binary for malware, effectively Apple has to use a 'virus' scanner when accepting an app. We all know that that's as effective as taking a flu shot (although it is effective as a base income for the pharmaceutical industry) and makes all new cases undetectable.

tchung

said about 8 years ago

The correct command is: $ spctl --assess --verbose /Applications/Xcode.app See https://developer.apple.com/news/?id=09222015a

mac_dog

said about 8 years ago

sounds to me like it's a case of either laziness or intentionally using a compromised version of Xcode. how difficult is it to go to either the app store or apple developer website and download it?