I have an Enterprise Program account in the Apple developer program. Currently I'm using TestFlight to distribute an app, which still seems to require that the distribution profile contain each tester's UDID (even for Enterprise apps).
Are there any alternatives to TestFlight (aside from basic DIY placing of the files on a webserver somewhere) that will let me
a) distribute my Enterprise app without the UDID hassle,
b) still allow some control over who installs the app,
c) offer some features similar to TestFlight?
I've googled for this but it's tricky to formulate a search for these criteria.
Update
The Enterprise program forbids distribution of the app to anyone outside your own organisation. I'm curious if this would apply to a service such as TestFlight; this might exaplin the lack of such 3rd party services that can distribute your enterprise apps in the true enterprise fashion (as opposed to treating them as Ad Hoc where UDIDs are required still).
TestFlight now supports uploading of Enterprise builds (without any UDIDs associated). Maybe it always did! I was convinced for a long time it wasn't permitted, but I can't find anything to substantiate that now.
The "hassle" is caused not by TestFlight, but by Apple - the device will reject the application if it's not signed for it, so there is no service working without UDIDs.
ps. You could always jailbreak your devices and disable signature checking, but I'm not aware of any service which take advantage of this.
Related
EDIT: see conclusion at the end of this post.
First off, let me clarify I've found a few similar questions/answers on SO, but none that apply to my particular situation. The one that came closest is this one but it doesn't address the AirWatch aspect.
So I'll try to be very specific.
Background
I have an iOS application that's free. I also have the same app for Android and Windows 10 but those are not my concern.
The iOS app is available to anyone from the App store. But I have a few large corporate customers who use AirWatch to manage the installation/update cycle of their devices. They either have Enterprise or VPP Apple accounts. They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
In my mind, that's a perfectly legitimate request: they just want to have better control over what gets installed on their devices.
Problem
From what I understand, an Enterprise account requires that the application be signed with the customer's certificate. But if I have several such customers, that means I have to re-sign each application for each customer, every time I have a new update available. And those customers that have VPP accounts cannot use them because the VPP program only applies to paid apps, not to free ones.
Note: keep in mind that at that stage when I'm ready to provide the app to these customers, the app has already been reviewed and accepted by the App Store. So it's deemed legit.
After googling this matter for a while, I know it's possible for someone else to resign an app or to sign it for the first time if it is provided in unsigned form to start with. However, resigned apps are apparently not supported by AirWatch (and, I assume, other MDM's as well).
If that information is incorrect, then I guess all I would need to know is the recipe that I, as a coder, have to follow before providing the app to my customers and what kind of steps they have to take in order to deploy using AirWatch.
Question
So how do I get my free app to my customers so they can manage the distribution themselves, without me having to go through yet another set of hassles every time I change something.
Remember: if I only had a single corporate customer I wouldn't give it a second thought and I would just use their own certificates but I have several potential customers with the same requirements, so the point is to make it easy for all of them and for myself.
I hope my question was clear enough, thanks in advance for any help.
EDIT - Conclusion: I was able to validate that an unsigned IPA file can be signed with the customer's certificate and uploaded to their AirWatch distribution app. Which means I simply have to provide the unsigned version to any customer with the same issue and they will be able to distribute the app themselves with their MDM. Hope this information helps others.
If your customers really can't re-sign your IPA, I believe the best solution for you to do would be to sign up yourself for an enterprise account, then use your own enterprise provisioning profile to sign a single ipa for distribution to the companies that need the app. Their MDM platforms should be able to handle the "trusting" of your enterprise signing identity, so the experience for the end users would be no different than if they were installing and running one signed by their own enterprise account.
The downside of this is that you will then be on the hook for providing your customers new versions when your cert of profile is about to expire. If you have them re-sign your IPA, it would be their responsibility to keep track of that and resign / redistribute a new provisioning profile when they expire.
Also, I have never heard of any restrictions on MDM's distributing re-signed IPAs. I don't even understand how they could prevent it, as a properly re-signed IPA should look no different than an IPA that was build and signed using the new signing identity and profile. I would challenge that, as many MAM (Mobile App Management) vendors offer wrapping of apps that do re-sign the binaries and allow you to distribute those resigned IPAs through MDM systems. I would really expect any corporation with Airwatch to know how to resign an IPA using something like iReSign. That really is your easiest option. Build an IPA for each release, send it out to all your clients, and each can re-sign it with their own signing identity. That way if you stop doing development, they aren't reliant on your signing identity and profile to keep the application running.
because the VPP program only applies to paid apps, not to free ones.
You can manage free apps with VPP. It's maybe free but it's still a license. VPP manages licenses for an organization and allows admins to give and tack back these licenses.
I have right now free Apps in my AirWatch Console, in the tab "Purchased". This tab is only available if VPP is configured and displays only apps from the VPP. I can't go check in the VPP myself because I don't have any access but theses free apps wouldn't be in the tab "Purchased" if they weren't bought with the VPP.
They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
If you are ready to do that, your customers can upload the ipa file as an internal application and then deploy it to their iOS devices. As AirWatch customers, they should have access to the document VMware AirWatch Mobile Application Management (MAM) Guide with the Chatper 4 "Internal Applications". There is a particular process for iOS apps described.
I know questions like this one have been asked over and over again but I couldn't find an answer that goes straight to the point.
I have seen guides that seems to allow you to distribute your app OTA without having to be part of the Enterprise program.
I also have seen some tricks where, if you don't have a SSL certificate in your hosting, you still can use dropbox to configure your "links". (Enterprise app deployment doesn't work on iOS 7.1)
In summary I have used dropbox as it was indicated in one of the answers I found before and it totally worked. The problem is that I tried to test it in a different device and it didn't work (typical message
Unable to Download App. xxxx could not be installed at this time.
I'm signing the app using a distribution certificate and I'm using a provisioning profile for distribution:
I know it can sound pretty obvious that all that is meant to work only for the AppStore or ad-hoc distribution (this last one requires to collect all devices UDID and it's not what i'm looking for).
I would like to know if it is definitely possible or not to distribute my apps "in-house" without having to be part of the Enterprise program. If true... what I'm doing wrong?
Note: the guide you link to is not for in-house app distribution. That blog post is about ad-hoc distribution without using iTunes. It's not about not having to provision your devices or getting around paying for the Enterprise program.
It is possible, but it still requires the business to spend some money.
If the business is enrolled in the Volume Purchase Program then you can identify them as the authorized purchaser of your Business 2 Business app when you submit it to the App Store. Regular customers won't see it.
Unfortunately, Apple does not say up front how much it costs a business to enroll in the Volume Purchase Program (I'm guessing that it varies) so I don't know if it's cheaper than the Enterprise Program.
I'm in charge of developing an application for my company. It'll only be used by my company. I found the Enterprise Program.
I read
iOS Developer Enterprise Program
but I also read something about MDM iOS that I need to implement.
Is MDM needed to distribute my app? Also, how will my coworkers be able to download the app? How does Apple know they are authorized, and not some random guy who found the link on Google?
You don’t need to do MDM for the enterprise program as far as I know. As for preventing people from downloading the app, I think you just have to keep the link private, or put it behind a URL that can only be accessed on your company network or VPN. And of course, require login, so someone can’t access your internal information just by downloading the app! Presumably, Apple will revoke your enterprise privileges if they find you are abusing them.
Source: I worked at a company that used enterprise distribution for internal beta distribution, among other things.
One of my clients has 30 iPads that are used with an in-house developed app. The "Ad Hoc" distribution model is easy to implement if the number of deployed devices is less than 100. This approach is sometimes described as a "Beta test" approach, but that's just one common use for it.
See these pages:
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/TestingYouriOSApp/TestingYouriOSApp.html
Ad-hoc Deployment
I've just started using Air Watch to distribute in-house ios applications. Unless I build the Ad-Hoc profile with the UDID explicitly listed in the profile, my app will not install on any enrolled devices. Anyone know if there is another way to get these applications installed over AW without managing a list of thousands of UDIDs? Indeed there are ways of using a plist file and distributing from a webserver, but we need a way to remotely wipe the installed applications when a device, or employee, goes MIA.
Unless the device is jailbroken, maintenance of the UDID list is required by Apple for anything outside of the App Store. This is enforced by iOS itself. It's obnoxious, but it's the way it is.
If you need more than 100 devices for in-house deployment, be sure to look at Apple's Enterprise Developer Program. The program supports many more features than the regular developer program's ad-hoc system. To enroll, visit https://developer.apple.com/programs/start/enterprise/
I'm developping an App in my company. We want to distribute this App to our customers but without using the AppStore from Apple, is it possible?
I heard about MDM (mobile device manager) but I'm not really sure if it will cover this need?
I heard also about Enterprise developer license for in house deployment but if I'm understanding correctly it means the App can be deployed only inside my company and not to our customers, is it correct?
Thanks for your clarifications.
Seb
If you are trying to get apps to customers without the App Store, you have options, but none of them are awesome.
There are many choices for over the air distribution of the binary, that really isn't the complicated part. You've got MDM solutions, HockeyKit, TestFlight, Manual server manipulation - all are fairly easy and well documented.
Where things get nasty is in the signing. If you definitely do not want to participate in the App Store environment (no app store, no Volume Purchase Program), you only have two real options:
Ad Hoc - Limited to 100 Devices. Devices must be explicitly added to a provision.
Enterprise - No device limit, devices do not need to explicitly added to provisions. In effect, these builds will run on any device; the caveat, you are not legally allowed to distribute these builds to anyone outside your company.
If you intend on developing an application for some other company and their employees, then your only viable option is to sign the final build with a signing certificate attached to said company's development account. The enterprise signing route is a really great approach, if you can get the company to sign all the paperwork to get their own developer account, owned by them.
For stock iOS devices, you really have only 4 choices:
1) Ad Hoc distribution to up to 100 total max devices per iOS Developer enrollment (including wireless Ad Hoc via manifest file & SSL.)
2) Enterprise distribution for distribution to employees of corporations with a D&B rating.
3) Apple's iTunes App store if your app is approved by Apple. (This includes the B2B program and account/password protected apps.) (This now also includes up to 1000 people using Apple's new Testflight service.)
4) Unlimited distribution to other people who have their own individual, company or enterprise iOS/Apple Developer enrollments. The distribution can be either as an Xcode project with source code or a pre-compiled library, or as an ipa or archive file that the customer can (re)codesign with their own Developer certificates. For applications priced at well over $99 per customer, the cost of this annual developer program enrollment might only be a slight additional cost to the customer (and given appropriate legal authorizations, might even be handled as an annual paid service.)
4 b.) ADDED UPDATE: As of Apple's release of Xcode 7 (in late 2015), anyone with just a free Apple ID can use Xcode 7 on their Mac to install apps from build-able Xcode projects directly to their own tethered iOS devices this way, with no need to pay $99 to Apple to enroll. See this answer.
This essentially allows unlimited distribution to anyone with physical access to a current Mac and who knows how to run Xcode.
Options (1), (2) and (4) do not require going through App store approval. There are no other options for distributing apps to stock OS iOS devices.
You could take a look at https://testflightapp.com/.
We use that a lot for customers that only need a app for testing doing the development phase and for apps that are used for conventions (limited time, limited number of units).
Testflight is very easy to use for both developers and end-users, but it is not very well suited for apps that are going to be used on a large numbers of devices, since all devices that are installed to needs to be in your provisioning profile which has a limited number of slots.
EDIT
The testfligt approch is no longer valid. You can now use the TestFlight integrated into itunesconnect. Alternatively you could integrate crashlytics.com, at use their distribution system. It works pretty weill