Multiple websites offer the possibility of downloading app(s) directly from their site, without the use of the App Store (emu4ios.net, iemulators.com, gba4iosapp.com).
By following the guidelines provided on these sites, the app will be downloaded and installed on my device.
My question is, how is this achieved, and how may I accomplish this with my own app/website?
You need an enterprise certificate. And as soon as you do this, your certificate will be revoked. However if the user sets their day back before the certificate was revoked the app will install properly.
Please note, enterprise certificates are expensive, and its probably better you buy the normal developer package.
Related
EDIT: see conclusion at the end of this post.
First off, let me clarify I've found a few similar questions/answers on SO, but none that apply to my particular situation. The one that came closest is this one but it doesn't address the AirWatch aspect.
So I'll try to be very specific.
Background
I have an iOS application that's free. I also have the same app for Android and Windows 10 but those are not my concern.
The iOS app is available to anyone from the App store. But I have a few large corporate customers who use AirWatch to manage the installation/update cycle of their devices. They either have Enterprise or VPP Apple accounts. They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
In my mind, that's a perfectly legitimate request: they just want to have better control over what gets installed on their devices.
Problem
From what I understand, an Enterprise account requires that the application be signed with the customer's certificate. But if I have several such customers, that means I have to re-sign each application for each customer, every time I have a new update available. And those customers that have VPP accounts cannot use them because the VPP program only applies to paid apps, not to free ones.
Note: keep in mind that at that stage when I'm ready to provide the app to these customers, the app has already been reviewed and accepted by the App Store. So it's deemed legit.
After googling this matter for a while, I know it's possible for someone else to resign an app or to sign it for the first time if it is provided in unsigned form to start with. However, resigned apps are apparently not supported by AirWatch (and, I assume, other MDM's as well).
If that information is incorrect, then I guess all I would need to know is the recipe that I, as a coder, have to follow before providing the app to my customers and what kind of steps they have to take in order to deploy using AirWatch.
Question
So how do I get my free app to my customers so they can manage the distribution themselves, without me having to go through yet another set of hassles every time I change something.
Remember: if I only had a single corporate customer I wouldn't give it a second thought and I would just use their own certificates but I have several potential customers with the same requirements, so the point is to make it easy for all of them and for myself.
I hope my question was clear enough, thanks in advance for any help.
EDIT - Conclusion: I was able to validate that an unsigned IPA file can be signed with the customer's certificate and uploaded to their AirWatch distribution app. Which means I simply have to provide the unsigned version to any customer with the same issue and they will be able to distribute the app themselves with their MDM. Hope this information helps others.
If your customers really can't re-sign your IPA, I believe the best solution for you to do would be to sign up yourself for an enterprise account, then use your own enterprise provisioning profile to sign a single ipa for distribution to the companies that need the app. Their MDM platforms should be able to handle the "trusting" of your enterprise signing identity, so the experience for the end users would be no different than if they were installing and running one signed by their own enterprise account.
The downside of this is that you will then be on the hook for providing your customers new versions when your cert of profile is about to expire. If you have them re-sign your IPA, it would be their responsibility to keep track of that and resign / redistribute a new provisioning profile when they expire.
Also, I have never heard of any restrictions on MDM's distributing re-signed IPAs. I don't even understand how they could prevent it, as a properly re-signed IPA should look no different than an IPA that was build and signed using the new signing identity and profile. I would challenge that, as many MAM (Mobile App Management) vendors offer wrapping of apps that do re-sign the binaries and allow you to distribute those resigned IPAs through MDM systems. I would really expect any corporation with Airwatch to know how to resign an IPA using something like iReSign. That really is your easiest option. Build an IPA for each release, send it out to all your clients, and each can re-sign it with their own signing identity. That way if you stop doing development, they aren't reliant on your signing identity and profile to keep the application running.
because the VPP program only applies to paid apps, not to free ones.
You can manage free apps with VPP. It's maybe free but it's still a license. VPP manages licenses for an organization and allows admins to give and tack back these licenses.
I have right now free Apps in my AirWatch Console, in the tab "Purchased". This tab is only available if VPP is configured and displays only apps from the VPP. I can't go check in the VPP myself because I don't have any access but theses free apps wouldn't be in the tab "Purchased" if they weren't bought with the VPP.
They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
If you are ready to do that, your customers can upload the ipa file as an internal application and then deploy it to their iOS devices. As AirWatch customers, they should have access to the document VMware AirWatch Mobile Application Management (MAM) Guide with the Chatper 4 "Internal Applications". There is a particular process for iOS apps described.
Is there any way to distribute ios applications through my own website, not using app store?
I mean is there any way that enables end users to download the .ipa file from my website with their browser application and install it directly on their iOS devices?
I have looked around in the web and googled it, but it doesn't seem to be any option for it out there, I just want to make sure of it.
Thank You
There are several possibilities, which probably won't match your needs:
Since last month it's possible to test apps on a device without the need of a paid membership.
There's a possibility to deploy an app through a service like TestFlight, but this needs either a profile installed on the device (like HockeyApp) or always new build since the old ones expire after 30 days.
You could deploy an app with the Enterprise Program
The easy way you describe is not possible.
Apart from the options mentioned above there are 2 more methods.
Method 1:
You could ask the user to open a webpage in safari browser with the following link in it.
href="itms-services://?action=download-manifest&url=url of the manifest file"
The app is installed as soon as the user clicks the link.
Method 2:
You can also leverage iOS mdm solutions like Hexnode MDM though its bit of an overkill.
here is a link on how to distribute app without app store
UPDATE:
BuddyBuild service will stop on 1-3-2018, the other alternative I know is https://www.diawi.com
Old ANSWER:
Try BuddyBuild , after making a build you can take link to IPA file and distribute it as shown.
The options include:
App Store (free or paid)
Enterprise Distribution (must be within an organization)
Open source distribution
It does not sound like any of these will meet your requirements, so no.
Further explanation:
Just to be clear, the limitation is not in distributing your .ipa file, it is the ability for users to install it on their phone. iOS requires an app be signed by Apple (from the App Store), from an Enterprise certificate, or from a developer certificate when a valid provisioning profile includes the target device.
Basically there are three ways
App store
With this method anyone with an iPhone can have access to the application. You can distribute an unlimited number of applications like this. Apple gets a 30% cut. Of course, Apple must approve your application.
Ad hoc
You can distribute applications using ad hoc without going through the app store, but you are limited to a maximum of 100 devices. With this method you can distribute your application from a web site, email, etc.
Enterprise
The method is for internal distribution in companies with more than 500 employees. Apple does not provide any more public detail that I could find on this method.
It doesn't sound like any of these methods meet your criteria unless you have fewer than 100 customers and don't plan to exceed that number. It sounds like from the question your customers are not internal to your company.
I would advise contacting Apple. They might be able to arrange some kind of custom distribution deal.
You if don't want to upload your files to the already mentioned web services, you can host your IPA in your own computer and distribute over the internet using ngrok and the approach given by jithin.
I've created a server that does exactly that and also is protected by password. You can check it out here:
https://github.com/Edudjr/IPAServer
To send build to testers or client I am generally using installonair.com which allows to upload IPA file and generate short URL which we can provide to other users and they can download and install easily from that link.
There are other options as well like Apple Testflight, hockeyapp but I found installonair.com is the quick one.
If you have and Enterprise membership you can do this, but it really isn't what they want you to do on a large scale.
Take a look at this question: Deploying an iOS Application Using Apple Enterprise Developer Program
You can use enterprise distribution services like BuildCannon, but you still need an apple enterprise account. I use a custom solution, but it's a pain to maintain.
My company has an iOS Enterprise Account to distribute In-House Apps. Now we want to develop an app for a customer. The question is: How to deploy the app to the customer's employee's devices? I heard about a "B2B Program", but I wasn't able to find any further details how to deploy to a special Business Store.
I know that there are a lot of discussion about this topic on the net, but I missed the fine details how the process is working in detail.
So what possibilities we have to get the app installed on the customer's employee's iPads?
EDIT: I don't want to invite beta testers or anything similar. I need an official way to install the app on the devices of the customers employees.
Another faster solution then testflightapp is diawi.com.
The link doesn't hold forever but it takes a few seconds to generate a download link.
You either use an archived IPA or a zipped .app , drag it to the relevant part of the site and it generates a download link for you.
We have been using this with a lot of customers with great success.
Just remember - the link is temporary.
Alternatively you can build a simple web page around the IPA file on a server you own (look at the generated diawi page for reference of the tags and info used).
You can also try OTA Distribution process, for more details go through this link.
Here download link is permanent and you don't need to use any third party tool.
How about using a Mobile Distribution Platform like MobileIron?
http://www.mobileiron.com
A few clients at my work use them and their services are pretty good.
I'm doing this for a client now. B2B is, I think, not what you want. Enterprise distribution is intended, by Apple, for in-house distribution. 'In-house' extends as far as out-of-house reps, and even independent contractors who use your client's in-house business app.
Your client should purchase his own Enterprise Developer's certificate, or ask you to purchase one for him. Use that certificate and associated provisioning profile to publish the app (in the usual way using the 'Ad-Hoc' distribution type). Then deploy over-the-air.
I have posted this question on SO since I think it is the most logical place to find people with a lot of experience with the iOS Enterprise program.
For my company, we are developing an in-house app. We would like to deploy this app with the minimum effort required on the user's side <1>, as it should be possible to quickly install it for incoming colleagues. Additionally, we can't always guarantee an up and running internet connection at install time <2>. The in-house app is to be downloaded on our premises from a webserver through wifi.
We are currently not enrolled in the enterprise program, as we're investigating whether or not our goals can be realized.
As for <1>, what we've found is that UDIDs are not necessary to include in the provisioning profile for enterprise deployment. What is needed, is a provisioning profile. Now, here are my first concrete questions:
are any additional steps necessary before a provisioning profile can be installed?
can the provisioning profile be embedded within the app as can be done for OTA betas? This would save a user the step of installing the profile.
For <2>, the following issues come to mind:
here it states that access is needed to ax.init.itunes.apple.com and ocsp.apple.com. The former for querying the max allowable GPRS app file size. It doesn't sound relevant when your goal is to distribute over wifi, but the page says "If this site isn’t reachable, installation may fail." so it does concern me a bit. The latter one seems less severe as it is stated that "Inability to contact or get a response from the OCSP server isn’t interpreted as a revocation", which means that it should be possible to not contact this server right away.
I'm assuming that I can use any URL scheme to point to a local server that provides the app bundle and that there are no restrictions on server configuration.
Summarizing the two: is it possible to install an in-house app from a local server without a functioning internet connection?
Thanks for the help; it's greatly appreciated. As I have no prior experience with Enterprise deployment, it is tough to be confident that I'm not missing out on the nitty gritty details in Apple's documentation.
Provisioning profile can be embedded.
Your employee's devices requires internet connection when they are downloading the app, so that the device can contact Apple servers you mentioned.
We have an iPad app that we would like to distribute internally. We're looking into "Enterprise Distribution". The set of requirements I have been given include that the method for distribution is to be that a user goes to a secure website from an iPad, logs in, and downloads the app. The app then works for them.
Users who do not have access to the website should not have access to the application. We can easily prevent them from downloading the app by forcing them to log in. However, it is not obvious to me that after they download the app (via an .ipa file?), that they couldn't just give it to someone else, something that is not allowed.
It looks like a way around this is to have Distribution Provision Profiles, which determine whether a given app will run on the device. However, it's not obvious to me that those couldn't just be copied as well.
http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
Once you create the enterprise distribution provisioning profile, download the
.mobileprovision file, and then securely distribute it and your application.
Sadly, I don't know enough to know exactly what I should be asking, but here goes:
Can ipa files just be copied from one Ipad to another, allowing anyone to use any given app? (assuming there is no other protection on the app)
If the answer to 1 is yes, is there any reason to believe that .mobileprovision files will help me?
Every device has a UDID, a unique identifier. This is how Apple enforces the 100 development devices rule for individual developers. You collect UDIDs as part of the download process, issuing the provisioning profiles to registered users.
To answer your questions:
Yes, theoretically, without DRM or provisioning, an ipa can be synced to iTunes (or manually copied with third party tools) and then moved to another dewvice.
Yes, .mobileprovision files include UDIDs in them which are pretty much unique to a given device. (The exception may be on jailbroken devices, which, if I recall correctly, can spoof a UDID.)
EDIT:
Just to clarify, in response to your requirements:
The set of requirements I have been given include that the method for distribution is to be that a user goes to a secure website from an iPad, logs in, and downloads the app. The app then works for them.
I would add a middle step.
User logs in.
User submits device info
You create a provision for the device
The user then downloads the app and the provision.
This does not stop the user from giving out the app to others, but it's the best you've got. You can also require the user to log in inside the app, with the same email as the one used to register the UDID, theoretically.
It's now July 2012. Apple's documentation on how to create and distribute an Ad-Hoc iOS application remains stuck at iOS 3, is over-complicated, overwhelming, and often wrong.
With an Developer Enterprise Program license (and a fair bit of patience), you can create an .ipa file, which you can stick on your website.
Your users can then navigate to this webpage on their iPad's Safari, click on a download link to download and install your app onto their device. No iTunes required.
Your app will need (amongst other things) to be signed with a distribution certificate, which you create on the Apple Developer website, but my point is that once you have jumped through all of these badly documented hoops, you can just stick an .ipa and .plist file on a webpage, and ANY user can install your app with it.
Even your Aunt Gladis, who lives 200 miles away and doesn't work for your company.
Mind you, if Apple finds out that you have distributed your app to anyone who doesn't work in your company, they will pull your license.
Getting the Enterprise Account takes a lot of work. Apple will want your DUNS and possibly other proof that you're who you say you are (and that you're an enterprise).
Going the other route (individual developer) will allow you to post your app (make it free so your users will not have to pay!) in the store. Your app can require an account on your local service that no one outside your company will be able to acquire, which will prevent people outside the company from using it. The risk here is that Apple will reject your app for this reason.