About two months ago Apple removed several apps from the App Store that were built with a counterfeit version of Xcode; according to Apple, those apps had the potential to cause harm to customers.
Apple has always recommended downloading Xcode directly from the Mac App Store or from the Apple Developer website, and leaving ‘Gatekeeper’ enabled on all your systems to protect against tampered software.
Today, Apple released a new version of Xcode (7.1.1). If you’re wondering whether you have the “safe” version installed on your system, wonder no more! Here’s how to find out:
Note: To properly verify the identity of your copy of Xcode, run the following command in your choice of Terminal on a system with ‘Gatekeeper’ enabled.
spctl --assess --verbose /Applications/Xcode.app
Where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.
The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted source=Mac App Store
And for a version downloaded from the Apple Developer website, the result should read either:
/Applications/Xcode.app: accepted source=Apple
/Applications/Xcode.app: accepted source=Apple System
Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.
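The check described above can be scripted, for example on a build machine. The following is an added example, not code from Apple or from the original post: it passes only when the verdict is ‘accepted’ and the source is one of the three listed above. The function names are hypothetical, and the parser assumes spctl may print the source either on the same line as the verdict or on the line after it.

```shell
#!/bin/sh
# Added example: classify the output of `spctl --assess --verbose`.
# check_spctl_output and verify_app are hypothetical helper names.

# check_spctl_output APP_PATH OUTPUT
# Returns 0 only for "<APP_PATH>: accepted" with an allowed source.
# Anything else, including extra unexpected text, fails closed.
check_spctl_output() {
    app=$1
    # Join lines so the one-line and two-line forms parse identically.
    flat=$(printf '%s' "$2" | tr '\n' ' ' | sed 's/  */ /g; s/ $//')
    case $flat in
        "$app: accepted source="*)
            src=${flat#"$app: accepted source="} ;;
        *)
            echo "FAIL: not accepted: $flat"
            return 1 ;;
    esac
    case $src in
        "Mac App Store"|"Apple"|"Apple System")
            echo "OK: $src"
            return 0 ;;
        *)
            echo "FAIL: unexpected source: $src"
            return 1 ;;
    esac
}

# verify_app [APP_PATH]: run the real assessment and classify it.
verify_app() {
    app=${1:-/Applications/Xcode.app}
    # Capture stderr as well; the verdict is taken from the text, so the
    # exit status of spctl is deliberately ignored here.
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    check_spctl_output "$app" "$out"
}

# Only run the live check where spctl exists (macOS).
if command -v spctl >/dev/null 2>&1; then
    verify_app "${1:-/Applications/Xcode.app}" ||
        echo "Download a clean copy of Xcode and recompile before submitting."
fi
```

A non-zero return from verify_app can be used to stop a build before anything is compiled with that copy of Xcode.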