Apple on Tuesday issued a notice to developers, informing them how they can make sure their copy of Xcode is legitimate — a precaution necessitated by the appearance of malware on the iOS App Store in China.
Those malicious apps were built with a counterfeit version of Xcode, which developers may have been prompted to download from outside sources because of Internet speed and connectivity issues in China. As a result, Apple instructed developers to download Xcode directly from the Mac App Store or from its developer website, and to leave Gatekeeper enabled on all of their systems to protect against tampered software.
Developers can verify their copy of Xcode is legitimate by opening Terminal on a Gatekeeper-enabled system and typing the following:
spctl --assess --verbose /Applications/Xcode.app
In the example above, /Applications/ should be the directory where Xcode is installed. The tool can take a few minutes to complete, but if a user has a legitimate copy of Xcode installed from the Mac App Store, it will return the following:
/Applications/Xcode.app: accepted
source=Mac App Store
And for legitimate copies of Xcode downloaded from Apple's developer website, the tool will return either of the following responses:
/Applications/Xcode.app: accepted
source=Apple
/Applications/Xcode.app: accepted
source=Apple System
If the returned result says anything other than "accepted," or the source reads anything other than "Mac App Store," "Apple System" or "Apple," then the application signature is not valid for that copy of Xcode.
Developers who are not running a legitimate copy of Xcode are advised to download a clean copy from the Mac App Store or Apple's developer site, and to recompile their applications before submitting them for review.
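The check described above can be scripted so that the verdict and the source line are compared against the three values Apple lists, rather than read by eye. The following POSIX shell script is an added example written for this page, not code from the article or from Apple; it assumes only the two-line output format shown above (a "<path>: accepted" line followed by a "source=..." line) and treats any other verdict or any other source as a failed check. The sample outputs used for testing are constructed, and the "Developer ID" source is included as a constructed case of a validly signed but non-Apple-sourced copy.

```shell
#!/bin/sh
# Added example (not from the article): evaluate `spctl --assess --verbose`
# output against the legitimate results Apple lists for Xcode.

# Only these three sources indicate a copy obtained from Apple.
is_trusted_source() {
    case "$1" in
        "Mac App Store"|"Apple"|"Apple System") return 0 ;;
        *) return 1 ;;
    esac
}

# evaluate_assessment <app path> <spctl output>
# Parses the "<path>: <verdict>" and "source=<source>" lines and returns 0
# only when the verdict is "accepted" AND the source is one Apple lists.
evaluate_assessment() {
    app="$1"
    output="$2"
    verdict=""
    source=""
    while IFS= read -r line; do
        case "$line" in
            "$app: "*) verdict="${line#"$app: "}" ;;
            source=*)  source="${line#source=}" ;;
        esac
    done <<EOF
$output
EOF
    if [ "$verdict" = "accepted" ] && is_trusted_source "$source"; then
        echo "OK: $app is accepted, source=$source"
        return 0
    fi
    echo "FAIL: $app verdict='$verdict' source='$source' (reinstall from Apple and rebuild)"
    return 1
}

# assess_xcode [app path]  (macOS only; runs the real spctl)
# Refuses to give a verdict when Gatekeeper assessments are disabled,
# because spctl then does not evaluate the signature at all.
assess_xcode() {
    app="${1:-/Applications/Xcode.app}"
    status=$(spctl --status 2>&1)
    case "$status" in
        *"assessments enabled"*) ;;
        *) echo "Gatekeeper assessments are not enabled; result would be meaningless"; return 2 ;;
    esac
    # spctl exits non-zero on rejection; capture output regardless.
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    evaluate_assessment "$app" "$out"
}

# Usage (macOS): sh check_xcode.sh /Applications/Xcode.app
if [ "$#" -gt 0 ]; then
    assess_xcode "$1"
fi
```

The parser matches the path prefix literally, so a copy installed under another directory is checked by passing that path, as the article notes. A copy that is validly signed but whose source is anything other than the three listed values still fails the check, which is the condition the notice describes.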
Apple confirmed on Sunday that modified versions of Xcode were used to successfully infiltrate malware into the iOS App Store. In all, about 40 infected apps made it through, including WeChat and ridesharing service Didi Kuaidi.
The malicious copies of Xcode were hosted on cloud storage run by China's Baidu, and those copies have since been removed. Developers running a modified version of Xcode would have needed to disable Apple's Gatekeeper security feature in order to run the software.
Chinese developers turn to alternative download sources hosted on local servers, because downloads from Apple's own servers can be very slow within the country.
25 Comments
I was hoping they'd find a way of detecting applications that weren't built with a legit copy of Xcode.
[quote name="Rayz" url="/t/188429/after-china-malware-infiltration-apple-helps-developers-ensure-their-xcode-install-is-legitimate#post_2780710"]I was hoping they'd find a way of detecting applications that weren't built with a legit copy of Xcode. [/quote] The best way to detect that is to scan the binary for malware, effectively Apple has to use a 'virus' scanner when accepting an app. We all know that that's as effective as taking a flu shot (although it is effective as a base income for the pharmaceutical industry) and makes all new cases undetectable.
The correct command is: $ spctl --assess --verbose /Applications/Xcode.app See https://developer.apple.com/news/?id=09222015a
Sounds to me like it's a case of either laziness or intentionally using a compromised version of Xcode. How difficult is it to go to either the App Store or Apple developer website and download it?
This should've been included in this story: https://support.apple.com/en-us/HT202491