IOS Enterprise Distribution Through OTA - ios

We have built an enterprise iPad app and now we want to give it to our employees. Initially, when testing, we used ad-hoc distribution, collecting all the test devices' UDIDs and then creating the profile.
Now going live we want this app to be deployed in a secured web server and send the link to our employees, so that they enter the username and password before accessing the link.
There are around 500+ devices on which we need to install this iPad app. Do I need to collect all the UDIDs and then deploy the .ipa file? The Apple documentation says:
Create an enterprise distribution provisioning profile that authorizes devices to use apps you’ve signed.
If not that way, does the user need to install the profile.mobileprovision file and then install the .ipa file?
We are still unable to decide how to deploy our app because of this issue. We would like to avoid the app approval process because the app handles a lot of sensitive data.
Can someone help me with this: how to do an OTA deployment for enterprise apps?

As of December 2011, these are the steps:
Create a provisioning profile in your Apple Enterprise account
Set this as the Code Signing Identity under the Build setting of your app.
Make sure the Bundle ID matches that of the provisioning profile.
Select Product > Archive to build IPA file.
Click Share (aka Distribute) button after selecting your Archive.
Set Contents radio button to iOS App Store Package (.ipa)
Make sure Identity in dropdown is the one used from Enterprise account.
Click Next
Select the check box "Save for Enterprise Distribution"
For Application URL put in the URL that points to where the ipa file will be placed (example: http://oursite.com/myApp.ipa)
Click Save. This will save a plist & an ipa file for you.
Place these files on your server with a link formatted like this:
<a href="itms-services://?action=download-manifest&url=http://oursite.com/myApp.plist" id="text">Install</a>
Go to this page from your device and click the link to install the app

Probably the best way to distribute your enterprise mobile app and then securely manage users, groups, data and devices is using a Mobile Device Manager (MDM) tool suite.
iOS provides specific APIs that support enterprise deployment via MDM products with API level features like Per App VPN connections that allow you to firewall a DMZ application server to only connect to a specific signed client iOS app. The vendors also provided authentication SSO integration and encrypted storage on the devices to sandbox your enterprise apps from other untrusted personal apps on a BYOD device.
Here's the Gartner 2013 review of MDM products:
http://www.business.att.com/content/whitepaper/Gartner-MDM-MQ.pdf
The 3 major players are now: AirWatch, MobileIron and Citrix XenMobile.
NOTE: I don't work for or have a vested interest in any MDM vendor.

There are two solutions
Try testflightapp.com
It does everything for you. It even has a SDK which I found very useful in debugging scenarios with logs and crash reports.
If you are looking to have your own hosted solution for the enterprise then
http://hockeykit.net/ is the best bet.
It has a client application which makes the upgrade process painless. It also has server-side code which you can deploy on your server.
https://github.com/TheRealKerni/HockeyKit
Update 2013-11-23:
We have been using Diawi happily for quite some time.

You can also use my shell script that will help you a long way with generating the necessary files and links:
https://github.com/sveinungkb/ios-ota-buddy

You do not need to manage UDIDs if you are using an enterprise profile.
To install an enterprise app you need a provisioning profile built with your distribution certificate on each device. See Does an iPhone Enterprise provisioning profile need to specify phone UUIDs like an ad-hoc provisioning profile does?

I've created a tool (it's beta, so please be patient with it :)) for generating manifests from an ipa file online:
http://manifest-generator.knejzlik.cz/
It generates a plist with an index.html file. All you need to do is put the content of the downloaded archive on your site.

You can use InstallFish.com for this.
It allows OTA distribution for both iOS and Android. It also has a feature to automatically get the UDID and create your own app stores.
You will still need to provision them via your enterprise account but it makes the whole process of OTA installs much easier, especially for enterprise distributions.

You can use hockey, diawi etc. but sometimes you just want something simple that allows you to host it on your server. I was searching for a simple, basic PHP script that can do this but did not find any that suited my needs, so I wrote a simple single PHP file server myself and you can find it here:
https://github.com/leszek-s/LSIPASERVER
It has a list of all uploaded ipa files, an upload page with password-protected upload, and each uploaded ipa has its own page so you can send a link to a specific uploaded ipa to someone. Feel free to use it on your own server.

Related

How was it possible to install iOS app directly from a browser?

I was wondering how was this website able to offer an iOS app for download directly from the browser bypassing the App Store?
(Please be advised that this is an adult-oriented app.)
http://app.941hd.com/ios_download.html
It seems they're using an enterprise certificate, which is intended for in-house corporate developers.
iOS Apps signed with those certificates can be downloaded and installed through a link by anyone, regardless of whether or not the developer has your UDID.
They would be violating their developer agreement with Apple and can expect to have their account suspended when Apple finds out.
I can't comment on exactly this implementation but a similar thing could be done using B2B distribution method. More info here.
You can distribute your app from a web page simply by creating a download link for the .ipa.
When opened in iOS, the application will be downloaded and installed on the device, if the device is registered on the provisioning profile used to sign the .ipa or if the provisioning profile is inHouse.
They have enrolled in an Apple Enterprise Account and they have made an Enterprise App, which can be distributed via a website and can be directly downloaded from the browser.
There are online tools that simplify this process of sharing, for example https://abbashare.com or https://diawi.com
Create an ipa file from Xcode with an ad hoc or in-house profile, and upload this file to one of these sites.
I prefer abbashare because it saves the file on your Dropbox and you can delete it whenever you want.

How to distribute iPad App to Customer (B2B) with an iOS enterprise account

My company has an iOS Enterprise Account to distribute In-House Apps. Now we want to develop an app for a customer. The question is: How to deploy the app to the customer's employee's devices? I heard about a "B2B Program", but I wasn't able to find any further details how to deploy to a special Business Store.
I know that there are a lot of discussion about this topic on the net, but I missed the fine details how the process is working in detail.
So what possibilities we have to get the app installed on the customer's employee's iPads?
EDIT: I don't want to invite beta testers or anything similar. I need an official way to install the app on the devices of the customers employees.
Another faster solution than testflightapp is diawi.com.
The link doesn't hold forever but it takes a few seconds to generate a download link.
You either use an archived IPA or a zipped .app, drag it to the relevant part of the site and it generates a download link for you.
We have been using this with a lot of customers with great success.
Just remember - the link is temporary.
Alternatively you can build a simple web page around the IPA file on a server you own (look at the generated diawi page for reference of the tags and info used).
You can also try OTA Distribution process, for more details go through this link.
Here download link is permanent and you don't need to use any third party tool.
How about using a Mobile Distribution Platform like MobileIron?
http://www.mobileiron.com
A few clients at my work use them and their services are pretty good.
I'm doing this for a client now. B2B is, I think, not what you want. Enterprise distribution is intended, by Apple, for in-house distribution. 'In-house' extends as far as out-of-house reps, and even independent contractors who use your client's in-house business app.
Your client should purchase his own Enterprise Developer's certificate, or ask you to purchase one for him. Use that certificate and associated provisioning profile to publish the app (in the usual way using the 'Ad-Hoc' distribution type). Then deploy over-the-air.

Can we install an unpublished iOS app on a remote device?

I am developing an iOS app which needs to be tested on a device which is in another country with the client. If needed I can get the UDID and other details of the device. Can I install my under-development app on that device without publishing my app? If yes, please explain the procedure.
Thank you all in advance.
Yes, you can. To do this you will need the UDID of all the devices where the app will be installed, and then you need to generate an Ad Hoc provisioning profile for those devices.
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/TestingYouriOSApp/TestingYouriOSApp.html
To send the app to your client, go to Xcode > Product (Menu) > Archive.
Then open Organizer > Archives (Tab) > Distribute. Follow on-screen instructions.
This will generate an .ipa file (executable) which you can then send to your testers (through email, or whatever other means). He will have to install this .ipa by dragging and dropping it onto iTunes.
For further discussions look at this question.
Yes, you can.
1) Register the client's device in the device list in your developer account on Apple's site
2) Generate an Ad-Hoc provisioning profile and send it to your client with the *.ipa file
3) Test it
Also take a look at third-party services like TestFlight - http://testflightapp.com. It is a very popular and convenient way to work with beta testers all around the world.
The answer is yes. You need to get the UDID and add it to your developer portal as a testing device. Download the provisioning profile and rebuild the app with the revised provisioning profile. This app can be sent to the client for testing.
If you can sign with a Distribution profile for enterprises, then you can upload that file to a link and the user can install the IPA file just by clicking on that link.
For more info, check these links:
How to distribute ios application wirelessly without managing UDIDs and recompilation
iPhone Application Enterprise Distribution Process
This is an incredibly bad idea. What you are setting up is a back door into any iOS device to plant (potentially) malicious software. While your intentions may be good the long term effects are not.
Publishing your app would require it to go through code review, which is essential to ensure the integrity of the app.

Deploying an iOS Application Using Apple Enterprise Developer Program

I have created an application for a company that I need to deploy. The application is for internal use only so it will not be available on the App Store. Do I need a UDID for each individual on whose device the app will be installed? That would be impossible since there are 500 employees. Does anyone have a good documentation or experience on deploying the iOS iPhone application using the Enterprise Developer Program only.
With the Apple ENTERPRISE Developer Program you can NOT distribute an App in the Apple AppStore.
Its purpose is to collaborate an In-House App in your own company.
The Enterprise account does not necessarily need the UDID of your target devices. You can for instance also use a link which remotely installs the app directly on the device.
You can find more details here: https://developer.apple.com/programs/enterprise/
If you are trying to deploy applications to customers/users on a production/long-term basis, you can deploy applications outside the Apple store in three ways:
manually via iTunes
directly via iTunes Configuration utility
via weblink (sent via mms, email, webbrowser etc.)
In order to distribute an application this way, the application must have a special corporate signature, and each device must have a matching corporate signature installed manually.
The best overall explanation for the process is available at this link.
If you're just testing on a handful of test devices, then I would suggest two approaches:
a dev release to a test device follow step by step instructions here.
Or you can use a helper application to deploy a beta release: testflightapp.
You can distribute your iOS app to only a particular set of people (in your case, your company's employees) by following this procedure:
Get an Apple enterprise developer account
Create a distribution certificate and provisioning profile (In-House) using your enterprise developer account
Archive the ipa file using the created certificate and provisioning profile
While saving the ipa, click on the check mark. So, the plist file is also created.
Host the plist and ipa file on your server
Include a download html file with an a href tag with src "itms-services://?action=download-manifest&url=https://mydomain.com/apps/MyInHouseApp.plist"
Now when you click on the link from your device the app will get downloaded.
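The manifest-and-link step that both the December 2011 answer in the first thread and the In-House procedure above end with can be scripted. The following is an added example, not code from any of the posts: the bundle ID and version are constructed, the hostname is the placeholder from the link above, and the HTTPS-only check is this example's own policy.

```python
import plistlib
from urllib.parse import quote, urlsplit


def require_https(url):
    """Accept only absolute https:// URLs (this example's policy)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"refusing non-HTTPS URL: {url!r}")
    return url


def build_manifest(ipa_url, bundle_id, version, title):
    """Return the OTA manifest as XML plist bytes pointing at the .ipa."""
    manifest = {
        "items": [{
            "assets": [{"kind": "software-package",
                        "url": require_https(ipa_url)}],
            "metadata": {
                "bundle-identifier": bundle_id,  # must match the signed app
                "bundle-version": version,
                "kind": "software",
                "title": title,
            },
        }]
    }
    return plistlib.dumps(manifest, fmt=plistlib.FMT_XML)


def install_link(manifest_url):
    """Build the itms-services link for a manifest URL.

    ':' and '/' stay literal so a plain URL is unchanged; '?', '&' and '='
    inside the manifest URL are percent-encoded so they cannot be read as
    extra itms-services parameters.
    """
    return ("itms-services://?action=download-manifest&url="
            + quote(require_https(manifest_url), safe=":/"))


if __name__ == "__main__":
    base = "https://mydomain.com/apps"            # placeholder host from the page
    plist_bytes = build_manifest(f"{base}/MyInHouseApp.ipa",
                                 "com.example.MyInHouseApp",  # constructed
                                 "1.0", "MyInHouseApp")
    print(plist_bytes.decode())
    print(install_link(f"{base}/MyInHouseApp.plist"))
```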
I don't agree with the previous answer. Check this document page 26.
MDM servers can deploy both App Store apps and in-house enterprise apps to devices over the air. Both paid and free App Store apps can be managed by an MDM server using Volume Purchase Program (VPP) managed distribution.
Once you have VPP and an Enterprise Developer account, you would be able to install App Store apps or company-owned apps on the managed devices.
Further for just deploying the in-house app you could follow this 9 step process.
If you need to deploy to many devices I suggest AirWatch. I've used it many times; it can be a bit frustrating to set up but once you have it working it's very nice to have.
TestFlight still requires the UDID and the limit is 100 for 1 year before you can reset. Enterprise deployment is the best method for in-house apps.

How does TestFlight do it?

TestFlight offers over-the-air beta distribution of iOS apps (on non-jailbroken devices). How can this be done? Is this an iOS feature, or a vulnerability exploit?
This article showed how Apple's OTA implementation works and can be used outside enterprises as well: ios wireless app distribution
The complete process is documented by Apple.
Apple also published documentation and sample code for registering devices and get the UDID by using profiles, so your website can detect which device is calling.
Some additional solutions with different strengths:
iOS Beta Builder, a Mac Application to create the website by using a build. Simply upload the resulting files to your webserver.
Diawi: Simple Web service. Upload your IPA file, optionally set a password and send a link to your testers.
AppSendr: Web service for beta build hosting, similar to Testflight, but does not include the device registration process. But provides deployment utilities to automatically upload new versions.
HockeyKit: Open source project for hosting beta versions on your own PHP5 server with additional functionalities like a client for In-App-Updates, automatic device-specific web sites and handling multiple applications. Completely file and directory based.
HockeyApp: Web Service for beta build hosting, In-App-Updates, Statistics, and including device registration, invite and recruitment. Also provides server side crash report collection, symbolication (for all threads) and crash grouping for beta and app store apps (iOS + Mac). SDKs are open source, using HockeyKit, QuincyKit and PLCrashReporter (which is the only safe solution on how to do crash report collection on iOS, see this article).
Note: I am the main developer of HockeyKit and QuincyKit, and one of the developers of HockeyApp.
This was possible before TestFlight rolled out a service. The technique stemmed out of the enterprise distribution mechanism. Since 4.0 devices have supported install from web.
Remember - you still need to sign the beta distribution for a select set of UDIDs you can't just willy nilly install it on any device. All they are doing is taking the email the IPA step out of things.
See:
http://www.alexcurylo.com/blog/2010/08/27/wireless-ad-hoc-distribution/
Update: I want to say that Test Flight is one of the most helpful tools I've used when developing though. Just taking the IPA emailing out of the picture was an understatement- I was just trying to call out the technical mechanism. They do a fantastic job managing the whole beta process. Getting new devices enrolled. Notifying users etc.
Testflight basically uses the normal Ad Hoc as already stated.
For this to work, you need the UDID for every device in order to add it to the Ad Hoc profile, re-compile the app with the new profile and redistribute the new build.
You can get the UDID with the help of the OTA Authentication Request. This is actually a step that is done in MDM before the actual profile is rolled out to the device. It basically asks the device for further information about itself and sends it back to a self-specified server.
The first step is documented here: Apple OTA Configuration
I guess Testflight uses this right after the registration process to collect the UDID, phone name, ...
Yes this is a core feature of iOS for Enterprise Customers who wish to distribute OTA.
Presumably you would pass your UDID over to TestFlight along with the app and they use their Enterprise Licence to send the app to you. I'm sure I'm missing a lot of the technical details but if you want to know more, Apple has a video on this from WWDC 2010.
Log in to developer.apple.com, go to WWDC 2010 Videos and use the link to get to the videos. The video you want is "Session 108 - Managing Mobile Devices". It is very informative about what is possible with OTA and the steps you have to take to do OTA provisioning.
Stock iOS devices are "vulnerable" to running the user loading Ad Hoc apps from any developer who has that device's UDID, and registers that UDID among their 100 allowed devices on Apple's developer portal.
OTA distribution is just another way to install an Ad Hoc beta test distribution from an enrolled developer.
