EDIT: see conclusion at the end of this post.
First off, let me clarify I've found a few similar questions/answers on SO, but none that apply to my particular situation. The one that came closest is this one but it doesn't address the AirWatch aspect.
So I'll try to be very specific.
Background
I have an iOS application that's free. I also have the same app for Android and Windows 10 but those are not my concern.
The iOS app is available to anyone from the App store. But I have a few large corporate customers who use AirWatch to manage the installation/update cycle of their devices. They either have Enterprise or VPP Apple accounts. They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
In my mind, that's a perfectly legitimate request: they just want to have better control over what gets installed on their devices.
Problem
From what I understand, an Enterprise account requires that the application be signed with the customer's certificate. But if I have several such customers, that means I have to re-sign each application for each customer, every time I have a new update available. And those customers that have VPP accounts cannot use them because the VPP program only applies to paid apps, not to free ones.
Note: keep in mind that at that stage when I'm ready to provide the app to these customers, the app has already been reviewed and accepted by the App Store. So it's deemed legit.
After googling this matter for a while, I know it's possible for someone else to resign an app or to sign it for the first time if it is provided in unsigned form to start with. However, resigned apps are apparently not supported by AirWatch (and, I assume, other MDM's as well).
If that information is incorrect, then I guess all I would need to know is the recipe that I, as a coder, have to follow before providing the app to my customers and what kind of steps they have to take in order to deploy using AirWatch.
Question
So how do I get my free app to my customers so they can manage the distribution themselves, without me having to go through yet another set of hassles every time I change something.
Remember: if I only had a single corporate customer I wouldn't give it a second thought and I would just use their own certificates but I have several potential customers with the same requirements, so the point is to make it easy for all of them and for myself.
I hope my question was clear enough, thanks in advance for any help.
EDIT - Conclusion: I was able to validate that an unsigned IPA file can be signed with the customer's certificate and uploaded to their AirWatch distribution app. Which means I simply have to provide the unsigned version to any customer with the same issue and they will be able to distribute the app themselves with their MDM. Hope this information helps others.
If your customers really can't re-sign your IPA, I believe the best solution for you to do would be to sign up yourself for an enterprise account, then use your own enterprise provisioning profile to sign a single ipa for distribution to the companies that need the app. Their MDM platforms should be able to handle the "trusting" of your enterprise signing identity, so the experience for the end users would be no different than if they were installing and running one signed by their own enterprise account.
The downside of this is that you will then be on the hook for providing your customers new versions when your cert of profile is about to expire. If you have them re-sign your IPA, it would be their responsibility to keep track of that and resign / redistribute a new provisioning profile when they expire.
Also, I have never heard of any restrictions on MDM's distributing re-signed IPAs. I don't even understand how they could prevent it, as a properly re-signed IPA should look no different than an IPA that was build and signed using the new signing identity and profile. I would challenge that, as many MAM (Mobile App Management) vendors offer wrapping of apps that do re-sign the binaries and allow you to distribute those resigned IPAs through MDM systems. I would really expect any corporation with Airwatch to know how to resign an IPA using something like iReSign. That really is your easiest option. Build an IPA for each release, send it out to all your clients, and each can re-sign it with their own signing identity. That way if you stop doing development, they aren't reliant on your signing identity and profile to keep the application running.
because the VPP program only applies to paid apps, not to free ones.
You can manage free apps with VPP. It's maybe free but it's still a license. VPP manages licenses for an organization and allows admins to give and tack back these licenses.
I have right now free Apps in my AirWatch Console, in the tab "Purchased". This tab is only available if VPP is configured and displays only apps from the VPP. I can't go check in the VPP myself because I don't have any access but theses free apps wouldn't be in the tab "Purchased" if they weren't bought with the VPP.
They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
If you are ready to do that, your customers can upload the ipa file as an internal application and then deploy it to their iOS devices. As AirWatch customers, they should have access to the document VMware AirWatch Mobile Application Management (MAM) Guide with the Chatper 4 "Internal Applications". There is a particular process for iOS apps described.
Related
I know questions like this one have been asked over and over again but I couldn't find an answer that goes straight to the point.
I have seen guides that seems to allow you to distribute your app OTA without having to be part of the Enterprise program.
I also have seen some tricks where, if you don't have a SSL certificate in your hosting, you still can use dropbox to configure your "links". (Enterprise app deployment doesn't work on iOS 7.1)
In summary I have used dropbox as it was indicated in one of the answers I found before and it totally worked. The problem is that I tried to test it in a different device and it didn't work (typical message
Unable to Download App. xxxx could not be installed at this time.
I'm signing the app using a distribution certificate and I'm using a provisioning profile for distribution:
I know it can sound pretty obvious that all that is meant to work only for the AppStore or ad-hoc distribution (this last one requires to collect all devices UDID and it's not what i'm looking for).
I would like to know if it is definitely possible or not to distribute my apps "in-house" without having to be part of the Enterprise program. If true... what I'm doing wrong?
Note: the guide you link to is not for in-house app distribution. That blog post is about ad-hoc distribution without using iTunes. It's not about not having to provision your devices or getting around paying for the Enterprise program.
It is possible, but it still requires the business to spend some money.
If the business is enrolled in the Volume Purchase Program then you can identify them as the authorized purchaser of your Business 2 Business app when you submit it to the App Store. Regular customers won't see it.
Unfortunately, Apple does not say up front how much it costs a business to enroll in the Volume Purchase Program (I'm guessing that it varies) so I don't know if it's cheaper than the Enterprise Program.
I'm in charge of developing an application for my company. It'll only be used by my company. I found the Enterprise Program.
I read
iOS Developer Enterprise Program
but I also read something about MDM iOS that I need to implement.
Is MDM needed to distribute my app? Also, how will my coworkers be able to download the app? How does Apple know they are authorized, and not some random guy who found the link on Google?
You don’t need to do MDM for the enterprise program as far as I know. As for preventing people from downloading the app, I think you just have to keep the link private, or put it behind a URL that can only be accessed on your company network or VPN. And of course, require login, so someone can’t access your internal information just by downloading the app! Presumably, Apple will revoke your enterprise privileges if they find you are abusing them.
Source: I worked at a company that used enterprise distribution for internal beta distribution, among other things.
One of my clients has 30 iPads that are used with an in-house developed app. The "Ad Hoc" distribution model is easy to implement if the number of deployed devices is less than 100. This approach is sometimes described as a "Beta test" approach, but that's just one common use for it.
See these pages:
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/TestingYouriOSApp/TestingYouriOSApp.html
Ad-hoc Deployment
My company has an iOS Enterprise Account to distribute In-House Apps. Now we want to develop an app for a customer. The question is: How to deploy the app to the customer's employee's devices? I heard about a "B2B Program", but I wasn't able to find any further details how to deploy to a special Business Store.
I know that there are a lot of discussion about this topic on the net, but I missed the fine details how the process is working in detail.
So what possibilities we have to get the app installed on the customer's employee's iPads?
EDIT: I don't want to invite beta testers or anything similar. I need an official way to install the app on the devices of the customers employees.
Another faster solution then testflightapp is diawi.com.
The link doesn't hold forever but it takes a few seconds to generate a download link.
You either use an archived IPA or a zipped .app , drag it to the relevant part of the site and it generates a download link for you.
We have been using this with a lot of customers with great success.
Just remember - the link is temporary.
Alternatively you can build a simple web page around the IPA file on a server you own (look at the generated diawi page for reference of the tags and info used).
You can also try OTA Distribution process, for more details go through this link.
Here download link is permanent and you don't need to use any third party tool.
How about using a Mobile Distribution Platform like MobileIron?
http://www.mobileiron.com
A few clients at my work use them and their services are pretty good.
I'm doing this for a client now. B2B is, I think, not what you want. Enterprise distribution is intended, by Apple, for in-house distribution. 'In-house' extends as far as out-of-house reps, and even independent contractors who use your client's in-house business app.
Your client should purchase his own Enterprise Developer's certificate, or ask you to purchase one for him. Use that certificate and associated provisioning profile to publish the app (in the usual way using the 'Ad-Hoc' distribution type). Then deploy over-the-air.
Been searching through the forum without much luck.
I have an app on iTunes that help users find the best mobile subscription plan based on their usage - and usage estimated by uploading picture from settings.
The plan is to create an enterprise version, and was wondering if it is possible to distribute the enterprise version through the existing one via a button in the app. (i.e. when clicking it automatically downloads the enterprise app).
Do you know if it is possible, and have you seen others doing the same thing?
And do you know if there are any limitations to the model? (if it is possible)
Enterprise distribution can not be done like that and its own kinda provisioning for distribution, you have to take the member for the enterprise distribution programme and create new binary for distribution.
Enterprise apps are only for in-house app development. For example IBM wants to make an internal mail app that logs into their private servers. Distributing to customers is in breach of the agreement and your account would be removed if you attempted this.
Googling this topic I get a sense there are three ways apple allows to distribute the app to end user. However it's still quite vague how exactly each one of these methods actually work and differ.
Ad Hoc Distribution - how does this really work. does this method not require the app to be submitted on app store ? If Yes , then where will the user download the app from and how the installation procedure works.
In-House Distribution - how does this work ? some text i came across suggests we can host the app on a private enterprise server and allow users install from there. If this is true apple would have no way to regulate the app.. not so clear.
App Store deployment - this one i understand how it works as a consumer of some apps i have purchased from app store. In this case the app will have to be submitted to app store first and then available for any number of users to install.
The other question I had on the same context is to be able to deploy the app via one of the ways what type of dev license is required to be procured from apple ?
Ad Hoc Distribution - This is most commonly used for sending the applications to beta testers, you register their UDID in your Developer Portal and then send them the app bundle and a provisioning profile. They drag these into iTunes and can install the application.
In-House Distribution - If I recall correctly this is only available if you have Enterprise license, you can deploy this app to all devices associated with that account (so all of your companies phone for example)
App Store Distribution - This is when your app ends up in the App Store, you submit it to Apple after code signing it, then they review and it gets accepted.
Hopefully that clears things up a bit for you.
For distribution methods 1 & 3 you must have paid the $99 developer fee, number 2 you must have paid $299 (I think that's the right price) for the enterprise developer license.
For the Ad-Hoc thing: You can add up to 100 devices per year to your dev portal. Those 100 devices are then able to install specially signed Apps from you.
To add a device to your portal you need it's UDID. To distribute an App via Ad-Hoc you need to create a special Ad-Hoc distribution profile for the App, sign it with this profile and then send the compiled .app file bundled with the profile to your users. They will then be able to install the app via iTunes, just like they've downloaded it from the App Store.
Note: Removing a previously added device from the list does not increase the device count by.
That's pretty much it, am not familiar with in-house distribution.
Apple's definition of "in-house" distribution basically means: buy an enterprise developer account.
http://www.apple.com/iphone/business/apps/in-house/resources.html