There’s been some bad news in the land of iOS. Apparently, some apps were hijacked for nefarious deeds. This was accomplished via an evil copy of Xcode – Apple’s development software. Developers using “XcodeGhost” were unknowingly adding bad code to their software. Apple has removed these corrupted apps from the app store and is advising developers on how to avoid this problem from happening again.
Here’s a statement from Apple:
We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.
The statement also included a terminal command to validate a copy of Xcode.
spctl --assess --verbose /Applications/Xcode.app
If your copy of Xcode is not installed in the standard location, then the path to Xcode would be different.
I wasn’t too worried about XcodeGhost. I haven’t published an iOS app in years. Also, I use the Mac App Store to download Xcode. Version 7 is 3.59 GB. That’s a massive download, so I can understand why XcodeGhost is a problem. But since I have Xcode installed, I was curious about checking it. So, I ran the terminal command.
Apparently, my copy of Xcode is legitimate. It said “Accepted”. That’s good to know, as I am planning to make iOS apps and games in the future.