How to tell if you're using a counterfeit version of Xcode | Cult of Mac

How to tell if you’re using a counterfeit version of Xcode

By

Double-check that you're using the right version of Xcode to build apps.
Double-check that you're using the right version of Xcode to build apps.
Photo: Johan Larrson/Flickr

Developers who have downloaded Xcode from an non-Apple source now have a way to tell if the version their using is an official Apple version, or if it might be infected by XcodeGhost, which wreaked havoc on the App Store on Sunday.

Apple has outlined how to verify if you’re using a counterfeit version of Xcode in a new support document. Developers should always download Xcode directly from the Mac App Store or Developer Website, but if you haven’t, follow these steps to make sure your copy is legit:

1) Open Terminal
2) Run the following command: spctl –assess –verbose /Applications/Xcode.app
3) Wait a few minutes.

Terminal will return the following for Xcode downloaded from the Mac App Store:

/Applications/Xcode.app: accepted
source=Mac App Store

If you downloaded Xcode from the Developer Site it will return one of the following:

/Applications/Xcode.app: accepted
source=Apple

or

/Applications/Xcode.app: accepted
source=Apple System

If Terminal’s results are anything other than ‘accepted’ from any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’, you have a version that doesn’t have a valid signature. Delete it, and go download a clean version from the dev site.

Source: Apple