No it's not. It's an automated malware scan. They can already revoke Developer ID certificates and block whatever they want by updating XProtect (even unsigned apps).