What does get-task-allow do in Xcode?
Solution 1
From this thread on ADC:
get-task-allow, when signed into an application, allows other processes (like the debugger) to attach to your app. Distribution profiles require that this value be turned off, while development profiles require this value to be turned on (otherwise Xcode would never be able to launch and attach to your app).
Solution 2
While your answer is correct, I just want to be more specific on this just so people who want to know what does exactly get_task_allow
mean, can.
get_task_allow
is an entitlement that allows other apps to get the task port of your app. This means that if any other app runs task_for_pid()
with your app process ID they'll get the task port of your app so they can do things like for example writing and reading things on the memory, therefore being able to patch things and modify the behavior of your app.
If you take a look at how a jailbreak works, you'll notice one of the first things they do is get task_for_pid(mach_task_self(),0,&kernel_task);
being that kernel_task
is a mach_port_t
with value 0
, so they are able to touch the kernel's memory.
As kernel entitlements do not have get_task_allow
entitlement, and Apple has even removed the possibility of doing tfp0
(task_for_pid 0
), they need a patch.
So basically as Xcode needs to touch your app's memory and work with it to debug it, you'll need to enable this for debugging, but you'll need to disable this to distribute your app or else any app would be able to get your task port.
Solution 3
The ability to debug your application on the iPhone.
Related videos on Youtube
Codebeef
Freelance Rails and iOS developer based in Manchester, UK. Developer behind Bouldr and it's iphone app. More projects available on my site, along with my portfolio and a little more about me. If you have a project you'd like helping out with, I'm available for freelance work.
Updated on December 08, 2020Comments
-
Codebeef over 3 years
When I set up my entitlements in my iPhone app project, I create a new Entitlements.plist, and set the value of get-task-allow to false. But why? What does this key represent?
Note this is related to Application could not be verified error when building app for iPhone device - I found that flipping the value of this key to true allowed me to install the app on my device)
-
Codebeef almost 15 yearsInteresting! If that's all it does, then I wonder why flipping the value to false prevents me from installing the app on my device? (Related SO question: stackoverflow.com/questions/997884/…)
-
Greg Maletic over 13 yearsSo are are projects required to have two Entitlements.plist files, one where this value is set to YES that targets Debug profiles, and another that specifies NO, targeting Distribution profiles?
-
Greg Maletic over 13 yearsNevermind, solved my own question. If you leave out Entitlements.plist out of your Debug build settings, you have no problem.
-
jamie almost 13 yearsnit picking, but developer profiles do not require this value to be turned on. they'll still run. you just can't attach the debugger.
-
spd about 12 yearsBut, I could debug even after Entitlements.plist was not included to the project in Debug mode with Developer profile. Could someone explain me this?
-
The Lazy Coder about 12 yearsdefault for debug is true, default for release is false. Turning it to false will disable debug.
-
Nicolas Miari almost 12 yearsBut distribution configs are usually derived from 'release'. Shouldn't that mean that you don't need to specify FALSE for AdHoc? (or for that matters, have an Entitlements file at all?)
-
Alix about 8 yearsThis answer make sense but my question is how get-task-allow found its way into my distribution profile. Organizer dont give me way to edit it.
-
Jadar over 7 yearsThis answer could be greatly improved if it included more information like Codebeef's.
-
saagarjha about 6 years@Codebeef I believe this is a restriction that Xcode imposes rather than an inherent one.
-
mfaani almost 4 yearsI think this was the link you originally meant: developer.apple.com/forums/thread/119059
-
CyberMew over 2 yearsAnd to add on a official link: developer.apple.com/library/archive/technotes/tn2415/… says "The boolean value of
get-task-allow
determines whether Xcode's debugger can attach to the app."