What does get-task-allow do in Xcode?
When I set up my entitlements in my iPhone app project, I create a new Entitlements.plist, and set the value of get-task-allow to false. But why? What does this key represent?
(Note this is related to Application could not be verified error when building app for iPhone device - I found that flipping the value of this key to true allowed me to install the app on my device)
From this thread on ADC:
get-task-allow, when signed into an application, allows other processes (like the debugger) to attach to your app. Distribution profiles require that this value be turned off, while development profiles require this value to be turned on (otherwise Xcode would never be able to launch and attach to your app).
The ability to debug your application on the iPhone.
While your answer is correct, I just want to be more specific on this so that people who want to know exactly what get_task_allow means can.
get_task_allow is an entitlement that allows other apps to get the task port of your app. This means that if any other app runs task_for_pid() with your app's process ID, they'll get the task port of your app, so they can do things like, for example, writing and reading things in memory, therefore being able to patch things and modify the behavior of your app.
If you take a look at how a jailbreak works, you'll notice one of the first things they do is get task_for_pid(mach_task_self(),0,&kernel_task); with kernel_task being a mach_port_t with value 0, so they are able to touch the kernel's memory.
As kernel entitlements do not have the get_task_allow entitlement, and Apple has even removed the possibility of doing tfp0 (task_for_pid 0), they need a patch.
So basically, as Xcode needs to touch your app's memory and work with it to debug it, you'll need to enable this for debugging, but you'll need to disable this to distribute your app, or else any app would be able to get your task port.
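An added example, not taken from the question or any of the answers: a release check that reads an app's entitlements and applies the rule quoted above (get-task-allow on for development, off for distribution). It accepts either an Entitlements.plist or the raw entitlements blob from a code signature, which carries an 8-byte header before the plist; the function names, bundle identifier and sample data are constructed for illustration.

```python
import plistlib
import struct

# Magic number that prefixes an entitlements blob embedded in a code signature.
ENT_BLOB_MAGIC = 0xFADE7171

def load_entitlements(raw: bytes) -> dict:
    """Parse entitlements from a .plist file or from a raw signature blob."""
    if len(raw) >= 8 and struct.unpack(">I", raw[:4])[0] == ENT_BLOB_MAGIC:
        (length,) = struct.unpack(">I", raw[4:8])  # big-endian, includes the header
        raw = raw[8:length]
    return plistlib.loads(raw)

def audit_get_task_allow(entitlements: dict, build: str) -> list:
    """Return findings for the given build type ('development' or 'distribution')."""
    if build not in ("development", "distribution"):
        raise ValueError("unknown build type: %r" % build)
    value = entitlements.get("get-task-allow", False)  # absent key: not granted
    if not isinstance(value, bool):
        return ["get-task-allow must be a boolean, found %r" % (value,)]
    if build == "distribution" and value:
        return ["get-task-allow is true: other processes can attach to the app"]
    if build == "development" and not value:
        return ["get-task-allow is false: the debugger cannot attach"]
    return []

# Constructed sample input (hypothetical bundle identifier).
SAMPLE_PLIST = plistlib.dumps({
    "application-identifier": "ABCDE12345.com.example.app",
    "get-task-allow": True,
})
# The same plist wrapped in the 8-byte blob header.
SAMPLE_BLOB = struct.pack(">II", ENT_BLOB_MAGIC, len(SAMPLE_PLIST) + 8) + SAMPLE_PLIST

if __name__ == "__main__":
    for name, raw in (("plist", SAMPLE_PLIST), ("blob", SAMPLE_BLOB)):
        ent = load_entitlements(raw)
        for build in ("development", "distribution"):
            print(name, build, audit_get_task_allow(ent, build) or "ok")
```

Run against the entitlements of the signed build in a release pipeline, a non-empty result for "distribution" is a reason to stop the upload.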