I've written an enterprise iPhone app for the field workers in our company, and the powers-that-be are considering offering it to some of our client companies as a freebie for their field workers to use. I assume that Apple would not allow enterprise distribution to users who are not company employees, so I would have to place it on the App Store.
However, we would like to restrict the user base to approved users or companies, so I would like to avoid making it available to just anyone. The app does communicate with our servers, which makes it something of a risk, in my opinion, of hacking; we'd certainly like to avoid that.
I'm wondering if there is a way to restrict App Store downloads only to certain users or companies? Or is there an alternative method to prevent just anyone from downloading and using the app?
Posting as answer, as per the OP...
For your case, you probably want to look at Business-to-Business distribution: https://developer.apple.com/programs/volume/b2b/
You could use the new "DeviceCheck APIs" that is release in iOS11
Using the DeviceCheck APIs, in combination with server-to-server APIs,
you can set and query two bits of data per device, while maintaining
user privacy. You might use this data to identify devices that have
already taken advantage of a promotional offer that you provide, or to
flag a device that you've determined to be fraudulent. The DeviceCheck
APIs also let you verify that the token you receive comes from an
authentic Apple device on which your app has been downloaded.
https://developer.apple.com/documentation/devicecheck
Related
I have a client who want their own App, and only to have it in their own shop for clients, not in the iOS App Store. I was wondering if it is possible to create an App, not to submit it to App Store, but to upload it to a website, and make it available for direct download to 50 devices?
For a situation like this they should really use the Business to Business app store.
https://developer.apple.com/programs/volume/b2b/
This will enable them to limit the availability of the app to invitation only. It allows private distribution and you can set your own pricing (can be free if appropriate). This is available with the standard developer license (not the Enterprise one).
There is no officially sanctioned way to do this, that I know of, other than Enterprise-internal, or by using the developer's (your) license, which doesn't sound like what you need.
Be careful: https://www.theiphonewiki.com/wiki/Misuse_of_enterprise_and_developer_certificates
Apple has very tight control over the platform, and specifically prevent what your client wants.
I would question why your client wants to circumvent Apple here. While it is true that Apple take 30% of the price, they also provide a lot of infrastructure and security in return. Perhaps they want to maximize profit, or their content doesn't satisfy Apple's restrictions?
Developing a web app may be an alternative. When done right these can provide similar interfaces, and access can be controlled, and Apple is out of the equation.
Failing that, you could create a separate developer account for this, and the 50 devices could be registered individually by their ID. This will not be anonymous any longer, and it will have to be renewed yearly.
Technically yes you can distribute an app outside of the App Store using the Enterprise Deployment Program.
However, according to the terms of the Enterprise Deployment Program the distribution is limited to only employees of your organization, and in your scenario you mention that they want to distribute the app to their clients.
See the full details in the Apple documentation here:
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/DistributingEnterpriseProgramApps/DistributingEnterpriseProgramApps.html
I would like to create an iOS App for a limited set of people.
It should be possible to download the app for free from App Store, but in order to use it
the idea is that you are required to be a member of the organization, which in this case is a local sports organization.
To solve the problem I thought of giving away activation keys to members that can be entered when they create an account, and therefore only members will be using the app.
Will the app be rejected by App Store? If so, is it possible to go around this in some away?
Thanks.
No you will not be rejected by the App Store.
During the review you will only need to give the access to demo account.
Your app will be available to anyone but you are free to give the credential to any person you want.
edit
Fyi I have such apps. The AppStore only block 'discriminating' app based on carrier or location (you can choose the countries anyway), but you are perfectly in the rules if you give access only to your clients...
edit edit
2.22 like I said is against arbitrary criterias, not linked to the login mechanism
for 11.1 and so on, I understand the point, but in my case (and I think yours) there is no problem if
you sell your service before, the app is just complimentary
you dont sell anything within the app
you dont charge for the app itself or anything within the app, you charge only the use of the server/back office/whatsoever
I guess that Apple dont care, they just don't want to bypass the applestore but I dont think that it is your case.
You should try Enterprise distribution for such purpose.
Yes your app may be rejected. Check the App Store Review Guidelines. In 2.2 it says
Apps that arbitrarily restrict which users may use the App, such as by location or carrier, may be rejected
There are different alternatives.
You can opt in for the Apple Developer Enterprise Program, this'll cost you 300$ a year and requires you to be a legal entity.
If you want to test it with a limited number of people (<1000) try looking into Testflight it was bought by Apple and is deeply integrated in the development process.
No, there will not. You need to to give some demo account info as test data to review while submitting to app store in the iTunes Connect portal.
Demo use case(worked for me): Implementation is like, there need some userid/unique pin to the registered account holders to start the application. At the time they input this pin, authenticate the user with our server and give the permission to let in to the app.
Otherwise you need to go for enterprise distribution. Find more about enterprise distribution here.
As you have understood from the question's title, I would like to know, how to identify iOS device across multiple apps. Advertising identifier and identifier for vendor is not an option for me, as apps may not have AdSupport framework included, and they may not have similar vendors. MAC address of the device is also deprecated. Any working solution on this? Thanks in advance!
This functionality is explicitly disallowed by Apple. Any workaround you come up with will violate Apple's stated goal of preventing it (so you would obviously risk appstore rejection even if it "works"). You are not allowed to track devices. You are only allowed to track the vendor ID and advertising ID. Apple has steadily removed every other tool because those are the ones they intend you to use (and their limitations are intentional).
What you are allowed to do is track users by issuing them login credentials and having them log into your server. This usually works fine if the user actually wants the functionality you're providing by tracking them (for example, users don't mind logging into Facebook or Twitter). If you are tracking users or devices to achieve a goal the users don't actually want (such as targeted advertising that the user can't control, or attempts at digital rights management tied to devices), you're unlikely to find a supported or permitted solution.
One of the customers wants my iOS app to be customised and distribute to employees of his client. I found Custom B2B approach best but he is insisting on enterprise distribution and I am sure like me he does not know much about Enterprise deployment and its limitations. I will not be giving the source code but just the customised binary. My questions :
a. Is it possible to build an ipa and sign it with the enterprise certificate and deliver it ?
b. Will there be lot of support required from my side on enterprise distribution and device management ?
c. Is it possible to limit the number of licences of app while distributing it on enterprise network ? If yes, what is the best way to achieve it ?
Apple supports three app deployment methods.
B2C - aka - the normal app store
B2B - this looks and acts like the normal app store but the app is not visible to the general public.
The only way to get an app to someone is via invitation using a redemption code. This looks to the user like a hybrid of a gift card redemption and a link to an app in the app store.
For this you "purchase" (they can be free) a set of redemption codes from Apple. They send them to you in a spreadsheet. You are then responsible for distributing the codes and tracking which have been used. Apple will send a report of those that were successfully redeemed.
This method can only be used if the app meets Apples criteria for B2B. If they feel it is something that could be on the general app store that is where they expect it to be. The sticking points are really around functionality that can only be used by your business partners, no redeeming public value.
This is also a valuable in ensuring that you don't have an app that gets poor reviews by people that can't use it because it is only useful to your partners.
B2A - aka Enterprise Deployment. This is a special and seperate development account that allows you to host an internal app store and package your own applications for in house deployment. Apple will only allow companies that meet certain requirements to have this type of account. There are strict rules around the deployment as well. Apps may only be distributed to employee devices and are not allowed to be distributed to non employees/customers/business partners.
for a client, I have been developing an app which has been tailored to make their employees every day lives easier. Think of it as a calendar designed to fit the needs of their special business.
Now it turns out that other companies in the business are interested in the very same solution too. My client suggested we could sell the app on the appstore.
Since the app is equally useful for companies with hundreds of employees as it is for a team of five, I wonder what would be the best way to sell it.
It is my understanding that a company, once they purchased one copy of the app, may install it on as many devices as they want, as long as they use the devices with the same iTunes account. This is especially true if the company would equip their employees with new devices for the purpose, like my client did. Right?
This is obviously not what I want, I'd rather like to charge a small price per device. Usually, this would cry for a volume license, which is not part of the appstore concept, except for educational institutions.
Now I am looking for a convenient way to achieve something with the same effect.
I was thinking about checking the UDID of the device against a whitelist on my server to allow each purchased license to run on just one device, while allowing migration of course.
To enable a company to purchase a "volume license", I would offer packs of additional licenses via In-App-Purchases, as well as individual licenses. The app itself would be free while featuring only demo capabilities, full functionality would be available after assigning the device to one of the purchased licenses. Means to manage licenses would be included within the app.
What do you guys think? Any technical reasons why this concept could fail?
Do you know of examples that actually implement something similar?
Any other ideas how to sell apps in volume? Maybe there are even some examples on how to implement something like this?
Do you think apple would approve this kind of use of in-app-purchases? (I know this last question is not of a kind that can be answered here without uncertainty, but let me hear what your gut feeling tells you..)
This question has been flagged as being off-topic twice, so I think I should back up the fact that I am mainly interested in a technical solution (and emphasized the important sub-questions accordingly). Of course I am interested in whether apple allows the proposed use of their appstore, however before I contemplate that further I need to know if there are technical caveats to my approach. I would love to offer code snippets to support the technical nature of my inquiry, however I'm just planning things so there is no code yet...
While the core question is still business-related here, and thus off topic, I'll bite.
The standard App Store end user license agreement has this wording:
a. Scope of License: This license
granted to You for the Licensed
Application by Application Provider is
limited to a non-transferable license
to use the Licensed Application on any
iPhone or iPod touch that You own or
control and as permitted by the Usage
Rules set forth in Section 9.b. of the
App Store Terms and Conditions (the
“Usage Rules”). This license does not
allow You to use the Licensed
Application on any iPod touch or
iPhone that You do not own or control,
and You may not distribute or make the
Licensed Application available over a
network where it could be used by
multiple devices at the same time. You
may not rent, lease, lend, sell,
redistribute or sublicense the
Licensed Application.
Therefore, if you consult the "App Store Product Usage Rules" section of the iTunes Store Terms and Conditions, you see this wording:
(i) You may download and sync an App
Store Product for personal,
noncommercial use on any iOS Device
you own or control.
(ii) If you are a commercial
enterprise or educational institution,
you may download and sync an App Store
Product for use by either (a) a single
individual on one or more iOS Devices
you own or control or (b) multiple
individuals, on a single shared iOS
Device you own or control. For
example, a single employee may use the
Product on both the employee's iPhone
and iPad, or multiple students may
serially use the Product on a single
iPad located at a resource center or
library.
(iii) You shall be able to store App
Store Products from up to five
different Accounts at a time on
compatible iOS Devices.
(iv) You shall be able to manually
sync App Store Products from at least
one iTunes-authorized device to iOS
Devices that have manual sync mode,
provided that the App Store Product is
associated with an Account on the
primary iTunes-authorized device,
where the primary iTunes-authorized
device is the one that was first
synced with the iOS Device or the one
that you subsequently designate as
primary using the iTunes application.
The rules are quite explicit about commercial enterprises not being allowed to just purchase one copy and install it on all devices at that company.
It is for this reason that Apple offers volume discounts for applications purchased in bulk (where the developer has checked the box in iTunes Connect allowing for this). I can't find the business equivalent, but here's Apple's page on the educational bulk discount program.
While I could see how you could use in-app purchase to activate functionality in an application and make sure that it was properly licensed, I've heard complaints about the practical difficulties of deploying applications using this in educational and business settings. Many applications use this approach for free Lite versions that upsell into the full paid application, so Apple has no problem with this.
One thing I do recommend is that you not abuse the ad hoc distribution system to do any licensing workarounds. The last time some geniuses did this caused Apple to clamp down on everyone's ad hoc licenses and make our lives more difficult.
The correct answer here is for the companies you sell to to purchase an Enterprise program from Apple, then for you to license the application to them. You can use over-the-air distribution to get the application onto their devices, and charge them a per-user or per-device fee.
Let anyone download the app for free in the app store, but charge for licenses/subscriptions outside of the app store. You can then require them to register each device they want to use and you charge accordingly.
Can I bypass Apple's in app purchase mechanism by outside billing?
Thq question was asked long before, but still I feel that the answer might help someone having the issue. All you need is Apple's Volume Purchase Program. It provides the option for custom B2B apps developed by third-party developers, that too can be seen and downloaded only by the authorized client. Cool, isnt it? :-)
For clarifications, see the FAQ
The client can do a bulk purchase, on which they will receive a bunch of URLs. By opening the URL in iOS device is enough to install the app. Of course, you need a Apple Developer account for download and install, I think.