23

Some background

  • iOS operation system has a "entitlement" notion . Generally speaking, it's a permission which is granted to an application. Other system services and apps can check for this permission to allow/deny execution of some functionality.

  • These entitlements should be specified in a provisioning profile.

  • System applications have a lot of different entitlements.

  • User application are limited to just couple of entitlements (like access to iCloud or something like that which can be configured on developer portal).

The question is: Does anybody know a way to add entitlements to user application for NON jailbroken device?

The overall idea is to add entitlements to developed app to gain more permissions to use system services.

Notes & Disclaimers

  • I know how to do this for jailbroken phone. However, it doesn't work on non jailbroken device.

  • I am aware that Apple will reject it. It won't go to AppStore.

  • The solution doesn't have to be a compile time solution (meaning, a way to modify a file). It could be a runtime solution - one application adding somehow entitlements to itself or to 3rd party app.

Victor Ronin
  • 22,758
  • 18
  • 92
  • 184
  • Not sure if that's possible as entitlements meant only for jailbroken devices! Just wondering why you want to do it through entitlement if it's not going to AppStore? Can't you just have client specific flags to on/off required features? That's how I do for our Enterprise Apps. Or may be I got you totally wrong? – Paresh Masani May 24 '13 at 13:24
  • @AppleDeveloper: I updated a question, because there was some ambiguity. I want to add entitlements to developed app to gain more permissions to use system services. So, it's not for turn on/off our functionality, but rather accessing some permission protected system functionality. – Victor Ronin May 24 '13 at 15:28
  • Interesting! sorry I can't be any help here other than vote up. Good luck. – Paresh Masani May 24 '13 at 15:40
  • Have you asked the Apple Developer's Network for this. I know some companies, especially if being used in an Enterprise Development Account can get special permissions for certain things. – logixologist Oct 30 '13 at 23:00

1 Answers1

3

No. Entitlements are contained within the application’s code signature. Changing them will, of course, break the signature, and stock iOS devices will not run code with a broken code signature. What you ask is not possible.

clarkcox3
  • 580
  • 4
  • 12
  • There is quite long execution path between entitlements stored in some file and actual enforcement of these entitlements. So, inability to change a file with the signature doesn't mean that execution path can't be modified. There could be some flags, private apis or so on which may allow to add entitlements on the fly, temporary disable entitlements checks and so on. – Victor Ronin Jun 06 '13 at 20:44
  • I do not have concrete knowledge of how to do this. The only mechanisms that come to mind are changing the static flags in the .plist, or performing some method swizzling to accomplish a runtime change. (http://cocoadev.com/wiki/MethodSwizzling) In the first case it's obvious the code signing gets broken. In the second, I see no way to add the swizzling code without breaking the signature. – CuriousRabbit Jun 15 '13 at 18:27