What does get-task-allow do in Xcode?

While your answer is correct, I just want to be more specific on this just so people who want to know what does exactly get_task_allow mean, can.

get_task_allow is an entitlement that allows other apps to get the task port of your app. This means that if any other app runs task_for_pid() with your app process ID they'll get the task port of your app so they can do things like for example writing and reading things on the memory, therefore being able to patch things and modify the behavior of your app.

If you take a look at how a jailbreak works, you'll notice one of the first things they do is get task_for_pid(mach_task_self(),0,&kernel_task); being that kernel_task is a mach_port_t with value 0, so they are able to touch the kernel's memory.

As kernel entitlements do not have get_task_allow entitlement, and Apple has even removed the possibility of doing tfp0(task_for_pid 0), they need a patch.

So basically as Xcode needs to touch your app's memory and work with it to debug it, you'll need to enable this for debugging, but you'll need to disable this to distribute your app or else any app would be able to get your task port.


From this thread on ADC:

get-task-allow, when signed into an application, allows other processes (like the debugger) to attach to your app. Distribution profiles require that this value be turned off, while development profiles require this value to be turned on (otherwise Xcode would never be able to launch and attach to your app).


The ability to debug your application on the iPhone.