How to check your version of Xcode for infection ‘XcodeGhost’

Surely you already know that several applications were infected with the XcodeGhost malware, as

developers based in China useda malicious version of Xcode, Apple's official tool for developing iOS and OS X applications. Affected by over 500 million users, XcodeGhost is the biggest iOS security hit.

Apple has currently emailed developers with instructions on how to test their version of Xcode to prevent similar incidents in the future.



We recently removed apps from the App Store,that were created using a fake version of Xcode that crippled customers. You should always download Xcode directly from the Mac App Store, or on the Apple Developer website, and leave Gatekeeper enabled on all of your anti-fraud software systems.

Gatekeeper automatically verifies code signingfor Xcode and confirms that this code is signed by Apple. However, if developers downloaded Xcode from another source, then they should follow these steps to verify the integrity of their version of Xcode:

To verify the authenticity of your copy of Xcode, run the following command in the terminal of the system with Gatekeeper enabled:



spctl -assess -verbose /Applications/

where / Applications / is the directory where it is installedXcode This tool performs the same checks as Gatekeeper, using application code to verify signature. It may take several minutes to complete the evaluation of Xcode.

The tool should return the following result for the version of Xcode downloaded from the Mac App Store:

/Applications/ accepted
source = Mac App Store

and for the version downloaded from the Apple developer website, the result should read either

/Applications/ accepted
source = Apple


/Applications/ accepted
source = Apple System

Any result other than ‘accepted’ or anysources other than “Mac App Store‘, ‘Apple System’ or ’‘ Apple show that the app’s signature is not valid for Xcode. You must download a clean copy of Xcode and recompile your applications before submitting them.

Surprisingly, iOS apps infectedthe malware went through the rigorous App Review process. So it remains to be seen what steps Apple will take to test applications that do not contain malware on the App Store.

You can use the Pangu command tool to find out if there are any applications infected with the XcodeGhost malware installed on your iOS device.