An incomplete list of entitlement keys

Key	Type	Used by	Checked by	Notes
com.apple.springboard.debugapplications	boolean	gdb gdbserver	SpringBoard: _SBXXCancelWatchdogAssertionForProcess _SBXXRenewWatchdogAssertionForProcess _SBXXAddWatchdogAssertionForProcess _SBXXLaunchApplicationForDebugging
com.apple.springboard.launchapplications	boolean	iapd Cydia.app Preferences.app Web.app	SpringBoard: _SBXXLaunchApplicationWithIdentifier
com.apple.springboard.opensensitiveurl	boolean	CoreLocation.framework dataaccessd ManagedConfiguration.framework AppStore.app MobileAddressBook.app MobileMail.app MobileMusicPlayer.app MobileSafari.app MobileStore.app Preferences.app locationd	SpringBoard: _SBXXOpenSensitiveURL
com.apple.springboard.wipedevice	boolean	dataaccessd Preferences.app	SpringBoard: _SBXXDataReset
com.apple.springboard.setnowplayinginformation	boolean	YouTube.framework MobileMail.app MobileSafari.app YouTube.app	?
com.apple.springboard.activateawayviewplugins	boolean		SpringBoard: _SBXXEnableLockScreenBundle
com.apple.remotenotification.server.preferences	boolean	Preferences.app	SpringBoard: _SBRNSetBundleIdentifierTypes
get-task-allow	boolean	gdb gdbserver	?	The only documented entitlement key, means "Can be debugged".
task_for_pid-allow	boolean	ReportCrash ps gdb gdbserver	kernel
keychain-access-groups	array of strings	Too many	?	Everyone uses it has the value (apple).
application-identifier	string	Too many	?	The content may not be the same as the bundle ID. For example, the application-identifier for AppStore apps will be (10 random characters).(bundle ID)
allow-obliterate-device	boolean	SpringBoard	?
seatbelt-profiles	array of strings	MobileMail.app MobileSafari.app Web.app	kernel?
modify-anchor-certificates	boolean	Preferences.app	?

The entitlement of a task can be obtained using the undocumented SecTask*** functions. Because of this, a library can define a set of entitlement keys other applications using it must follow.