After China malware infiltration, Apple helps developers ensure their Xcode install is legitimate

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Apple on Tuesday issued a notice to developers, informing them how they can make sure their copy of Xcode is legitimate — a precaution necessitated by the appearance of malware on the iOS App Store in China.

Those malicious apps were built with a counterfeit version of Xcode, which developers may have been prompted to download from outside sources because of Internet speed and connectivity issues in China. As a result, Apple instructed developers to download Xcode directly from the Mac App Store or from its developer website, and to leave Gatekeeper enabled on all of their systems to protect against tampered software.

Developers can verify their copy of Xcode is legitimate by opening terminal on a Gatekeeper-enabled system and typing the following:

spctl — assess — verbose /Applications/

In the example above, /Applications/ should be the directory where Xcode is installed. The tool can take a few minutes to complete, but if a user has a legitimate copy of Xcode installed from the Mac App Store, it will return the following:

/Applications/ accepted

source=Mac App Store

And for legitimate copies of Xcode downloaded from Apple's developer website, the tool will return either of the following responses:

/Applications/ accepted


/Applications/ accepted

source=Apple System

If the returned result says anything other than "accepted," or the source reads anything other than "Mac App Store," "Apple System" or "Apple," then the application signature is not valid for that copy of Xcode.

Developers who are not running a legitimate copy of Xcode are advised to download a clean copy from the Mac App Store or Apple's developer site, and to recompile their applications before submitting them for review.

Apple confirmed on Sunday that modified versions of Xcode were used to successfully infiltrate malware into the iOS App Store. In all, about 40 infected apps made it through, including WeChat and ridesharing service Didi Kuaidi.

The malicious copies of Xcode were hosted on cloud storage run by China's Baidu, and those copies have since been removed. Developers running a modified version of Xcode would have needed to disable Apple's Gatekeeper security feature in order to run the software.

Chinese developers turn to alternative download sources hosted on local servers, because downloads from Apple's own servers can be very slow within the country.