How to enable get-task-allow entitlement? Is it need to be enabled in signing certificate or can we enable it from Xcode?

get-task-allow

is typically added by Xcode automatically for development builds. You can disable this default behaviour via Code Signing Inject Base Entitlements (

CODE_SIGN_INJECT_BASE_ENTITLEMENTS

) build setting.

Keep in mind that, like most entitlements,

get-task-allow

must be whitelisted by your provisioning profile, and only Development profiles have it so whitelisted.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi,

How to make this setting in XCode 9?

Regards

PK

I had a look at Xcode 9.4 and it seems to support Code Signing Inject Base Entitlements just like Xcode 10.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi,

This can be acheived from the codesign command as well.

sudo codesign --sign "xxxx" -f --timestamp --options=runtime --entitlements /Users/admin/Desktop/ent.plist <path to app>

The /Users/admin/Desktop/ent.plist file contains

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>com.apple.security.get-task-allow</key>

<false/>

</dict>

</plist>

Hope this helps.