After reading a good bit about the recent snafu of developers being tricked into using counterfeit Xcode versions that injected malware into people's apps, I have this question: How come App Review was unable to detect the malware?
It stands to reason that if we were to try to write a virus ourselves using the legitimate Xcode, of course we'd get rejected and probably wind up in worse trouble than that. I'm confident that they have the ability to detect that. But regardless of who wrote the malicious code, it's still going into an app that App Review is looking at—wouldn't it make no difference in the compiled binary?