Googling this topic I get a sense there are three ways apple allows to distribute the app to end user. However it's still quite vague how exactly each one of these methods actually work and differ.
Ad Hoc Distribution - how does this really work. does this method not require the app to be submitted on app store ? If Yes , then where will the user download the app from and how the installation procedure works.
In-House Distribution - how does this work ? some text i came across suggests we can host the app on a private enterprise server and allow users install from there. If this is true apple would have no way to regulate the app.. not so clear.
App Store deployment - this one i understand how it works as a consumer of some apps i have purchased from app store. In this case the app will have to be submitted to app store first and then available for any number of users to install.
The other question I had on the same context is to be able to deploy the app via one of the ways what type of dev license is required to be procured from apple ?
Ad Hoc Distribution - This is most commonly used for sending the applications to beta testers, you register their UDID in your Developer Portal and then send them the app bundle and a provisioning profile. They drag these into iTunes and can install the application.
In-House Distribution - If I recall correctly this is only available if you have Enterprise license, you can deploy this app to all devices associated with that account (so all of your companies phone for example)
App Store Distribution - This is when your app ends up in the App Store, you submit it to Apple after code signing it, then they review and it gets accepted.
Hopefully that clears things up a bit for you.
For distribution methods 1 & 3 you must have paid the $99 developer fee, number 2 you must have paid $299 (I think that's the right price) for the enterprise developer license.
For the Ad-Hoc thing: You can add up to 100 devices per year to your dev portal. Those 100 devices are then able to install specially signed Apps from you.
To add a device to your portal you need it's UDID. To distribute an App via Ad-Hoc you need to create a special Ad-Hoc distribution profile for the App, sign it with this profile and then send the compiled .app file bundled with the profile to your users. They will then be able to install the app via iTunes, just like they've downloaded it from the App Store.
Note: Removing a previously added device from the list does not increase the device count by.
That's pretty much it, am not familiar with in-house distribution.
Apple's definition of "in-house" distribution basically means: buy an enterprise developer account.
http://www.apple.com/iphone/business/apps/in-house/resources.html
Related
I've looked for hours at other similar questions, but not sure if the other answers apply in my case, and things have changed since I last did this:
I am a sole trader writing an iPad App for an Agency. The app is ultimately for a Company they are working for.
The app will be distributed free to a small number of employees in the Company (<30);
Its a hybrid app, much of the code running as javascript in a webview. Ideally I wish to avoid Apple review of the app during distribution as this is an unknown to me.
I also do not wish to release the source code to Agency nor Company.
What's my best option for distribution? Ad-hoc? Set Company up with an Enterprise account? VPP?
I would use Ad-hoc, as it seems simpler, but not sure what happens after 1 year expiration...
Be grateful for any pointers.
If you have Apple Developer Enterprise Program (299 USD/year)
Ad Hoc
You can distribute your app to limited number of registered devices, but you need to sign every year before your provisioning profile expires, if you don't sign your app again, it will start to crash on opening after expiration date.
In House
You can distribute your app without any device limit, but you need to sign your app every year.
If you have Apple Developer Program (99 USD/year)
Ad Hoc
Same as enterprise program
App Store
Once you submit and release your app, you don't need to sign again.
I think your best choice is distributing your app via App Store if the company is okey with it. Review process is not a big deal after all, you can shape your app according to rejections reasons.
Apple Developer program - Adhoc Distribution
Cheaper ($99)
No Appstore review needed
Supports up to 100 device (device list can be modified yearly)
Need to rebuild with updated provisioning profile when new device is added
Need to rebuild the app on yearly basis when provisioning profiles expire
OTA can be used to distribute the app to users
Enterprise Program - In-house Distribution
Expensive ($299)
App can be installed into any device without a device limit (no rebuilding required)
Need to rebuild the app on yearly basis when provisioning profiles / distribution certificate expire
No Appstore review needed
OTA can be used to distribute the app to users
I would go with Apple developer program since you user base is around 30 and its a cheaper option.
Have You looked at:
https://www.diawi.com/
Or
https://www.installrapp.com/
?
Note: You must register their devices to your Apple account first
EDIT: see conclusion at the end of this post.
First off, let me clarify I've found a few similar questions/answers on SO, but none that apply to my particular situation. The one that came closest is this one but it doesn't address the AirWatch aspect.
So I'll try to be very specific.
Background
I have an iOS application that's free. I also have the same app for Android and Windows 10 but those are not my concern.
The iOS app is available to anyone from the App store. But I have a few large corporate customers who use AirWatch to manage the installation/update cycle of their devices. They either have Enterprise or VPP Apple accounts. They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
In my mind, that's a perfectly legitimate request: they just want to have better control over what gets installed on their devices.
Problem
From what I understand, an Enterprise account requires that the application be signed with the customer's certificate. But if I have several such customers, that means I have to re-sign each application for each customer, every time I have a new update available. And those customers that have VPP accounts cannot use them because the VPP program only applies to paid apps, not to free ones.
Note: keep in mind that at that stage when I'm ready to provide the app to these customers, the app has already been reviewed and accepted by the App Store. So it's deemed legit.
After googling this matter for a while, I know it's possible for someone else to resign an app or to sign it for the first time if it is provided in unsigned form to start with. However, resigned apps are apparently not supported by AirWatch (and, I assume, other MDM's as well).
If that information is incorrect, then I guess all I would need to know is the recipe that I, as a coder, have to follow before providing the app to my customers and what kind of steps they have to take in order to deploy using AirWatch.
Question
So how do I get my free app to my customers so they can manage the distribution themselves, without me having to go through yet another set of hassles every time I change something.
Remember: if I only had a single corporate customer I wouldn't give it a second thought and I would just use their own certificates but I have several potential customers with the same requirements, so the point is to make it easy for all of them and for myself.
I hope my question was clear enough, thanks in advance for any help.
EDIT - Conclusion: I was able to validate that an unsigned IPA file can be signed with the customer's certificate and uploaded to their AirWatch distribution app. Which means I simply have to provide the unsigned version to any customer with the same issue and they will be able to distribute the app themselves with their MDM. Hope this information helps others.
If your customers really can't re-sign your IPA, I believe the best solution for you to do would be to sign up yourself for an enterprise account, then use your own enterprise provisioning profile to sign a single ipa for distribution to the companies that need the app. Their MDM platforms should be able to handle the "trusting" of your enterprise signing identity, so the experience for the end users would be no different than if they were installing and running one signed by their own enterprise account.
The downside of this is that you will then be on the hook for providing your customers new versions when your cert of profile is about to expire. If you have them re-sign your IPA, it would be their responsibility to keep track of that and resign / redistribute a new provisioning profile when they expire.
Also, I have never heard of any restrictions on MDM's distributing re-signed IPAs. I don't even understand how they could prevent it, as a properly re-signed IPA should look no different than an IPA that was build and signed using the new signing identity and profile. I would challenge that, as many MAM (Mobile App Management) vendors offer wrapping of apps that do re-sign the binaries and allow you to distribute those resigned IPAs through MDM systems. I would really expect any corporation with Airwatch to know how to resign an IPA using something like iReSign. That really is your easiest option. Build an IPA for each release, send it out to all your clients, and each can re-sign it with their own signing identity. That way if you stop doing development, they aren't reliant on your signing identity and profile to keep the application running.
because the VPP program only applies to paid apps, not to free ones.
You can manage free apps with VPP. It's maybe free but it's still a license. VPP manages licenses for an organization and allows admins to give and tack back these licenses.
I have right now free Apps in my AirWatch Console, in the tab "Purchased". This tab is only available if VPP is configured and displays only apps from the VPP. I can't go check in the VPP myself because I don't have any access but theses free apps wouldn't be in the tab "Purchased" if they weren't bought with the VPP.
They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
If you are ready to do that, your customers can upload the ipa file as an internal application and then deploy it to their iOS devices. As AirWatch customers, they should have access to the document VMware AirWatch Mobile Application Management (MAM) Guide with the Chatper 4 "Internal Applications". There is a particular process for iOS apps described.
I have a normal Apple Developer Program (not the Enterprise one)
and I need to distribute an iOS application without adding each UDID to the provisioning profile. I do not want to jailbreak iphones.
It is possible to make an Enterprise provisioning profile where the signed applications can be installed on any device without adding it to the provisioning profile. (Correct?)
And it is possible only with Enterprise program. (Correct?)
Are there any other ways to get rid of this dummy need of adding the betatester's UDIDs and recompiling the app whenever new testers come, with Apple Developer Program only?
Providing you're already registered with the Apple Developer Programme, you can upload your build and from within iTunesConnect use the TestFlight options to make your app available for download.
There are two options, 'Internal Testing' and 'External Testing'.
(In answer to question about the profiles, you don't need to have an Enterprise Provisioning Profile.)
As you wish to make the app available for unknown devices, you will need to use external testing. Here is a link to Apple's info on it https://developer.apple.com/testflight/
You will need the email addresses of the beta users (up to 1000 users) as those will be used to send an invitation to download via TestFlight from the device they wish to download to.
For external testing, your app will need to be submitted to Apple for Beta Review, which normally only takes a day or so for them to approve. Once approved this build is available to invite the beta testers to download
I hope this helps
I have a customer who is using an app on their iPads that was developed by a third party who is no longer around. The app is not in the AppStore. They were explaining to me how once a year they need to login to TestFlight.com to reset something. I looked at Testflight at as far as I can tell, its a testing platform, not for production use. I assume they are renewing the dev certificates or something similar.
Does this make sense? Is this a legal way of running a native app on an iOS device?
What are the benefits of services like TestFlight?
Your Enterprise Certificate
Enterprise apps must be re-provisioned once a year. You will need to login to the Apple Dev Center, refresh your Provisioning Profile, resign the app, and re-upload to TestFlight.
TestFlight And HockeyApp
In addition to Testflight there is also HockeyApp.net. These are services that allow you to manage an app either during test using Ad Hoc certificates from Apple or acting as a managed AppStore when developing Enterprise apps.
It also has a number of great features, including, crash report collection, managing of testers and their feedback, update notifications on the client, test device UDID management, and verifying that the tester has actually installed the correct version.
All these things are incredibly useful to someone that has to deal with these sorts of things professionally.
Enterprise vs. Ad Hoc
Enterprise certificates from Apple allow you many of the same privileges as the AppStore. This arrangement requires you to be a business with a DUNS number and you must sign a contract with Apple that states you will use this exclusively in adherence to their terms. This costs about $299/year and the app is good for one year once correctly signed. You can install it on any iOS device in accordance with the contract you signed with Apple.
Ad Hoc is what is used for in-house testing. Each device UDID has to be added to the Apple Developer Portal, attached to the provisioning profile, downloaded, and resign the app with the new provisioning profile. Cost is $99/year, maximum of 100 devices, and devices can only be removed once a year. Each app expires after a few months.
Test Flight is an apk/ipa (app binary) distribution mechanism. So they may be accepting testflight's profile on their phones if their UDID was registered to receive drops of a particular app.
TestFlight can be used for distributing apps signed with Enterprise Certificates, i.e. apps that can't be distributed through AppStore.
Another possibility is that the app is run on only a few devices, registered as test devices on a regular Developer Account. If that's the case, the limit of numbers of devices should be noticed: 100 devices.
I'm developping an App in my company. We want to distribute this App to our customers but without using the AppStore from Apple, is it possible?
I heard about MDM (mobile device manager) but I'm not really sure if it will cover this need?
I heard also about Enterprise developer license for in house deployment but if I'm understanding correctly it means the App can be deployed only inside my company and not to our customers, is it correct?
Thanks for your clarifications.
Seb
If you are trying to get apps to customers without the App Store, you have options, but none of them are awesome.
There are many choices for over the air distribution of the binary, that really isn't the complicated part. You've got MDM solutions, HockeyKit, TestFlight, Manual server manipulation - all are fairly easy and well documented.
Where things get nasty is in the signing. If you definitely do not want to participate in the App Store environment (no app store, no Volume Purchase Program), you only have two real options:
Ad Hoc - Limited to 100 Devices. Devices must be explicitly added to a provision.
Enterprise - No device limit, devices do not need to explicitly added to provisions. In effect, these builds will run on any device; the caveat, you are not legally allowed to distribute these builds to anyone outside your company.
If you intend on developing an application for some other company and their employees, then your only viable option is to sign the final build with a signing certificate attached to said company's development account. The enterprise signing route is a really great approach, if you can get the company to sign all the paperwork to get their own developer account, owned by them.
For stock iOS devices, you really have only 4 choices:
1) Ad Hoc distribution to up to 100 total max devices per iOS Developer enrollment (including wireless Ad Hoc via manifest file & SSL.)
2) Enterprise distribution for distribution to employees of corporations with a D&B rating.
3) Apple's iTunes App store if your app is approved by Apple. (This includes the B2B program and account/password protected apps.) (This now also includes up to 1000 people using Apple's new Testflight service.)
4) Unlimited distribution to other people who have their own individual, company or enterprise iOS/Apple Developer enrollments. The distribution can be either as an Xcode project with source code or a pre-compiled library, or as an ipa or archive file that the customer can (re)codesign with their own Developer certificates. For applications priced at well over $99 per customer, the cost of this annual developer program enrollment might only be a slight additional cost to the customer (and given appropriate legal authorizations, might even be handled as an annual paid service.)
4 b.) ADDED UPDATE: As of Apple's release of Xcode 7 (in late 2015), anyone with just a free Apple ID can use Xcode 7 on their Mac to install apps from build-able Xcode projects directly to their own tethered iOS devices this way, with no need to pay $99 to Apple to enroll. See this answer.
This essentially allows unlimited distribution to anyone with physical access to a current Mac and who knows how to run Xcode.
Options (1), (2) and (4) do not require going through App store approval. There are no other options for distributing apps to stock OS iOS devices.
You could take a look at https://testflightapp.com/.
We use that a lot for customers that only need a app for testing doing the development phase and for apps that are used for conventions (limited time, limited number of units).
Testflight is very easy to use for both developers and end-users, but it is not very well suited for apps that are going to be used on a large numbers of devices, since all devices that are installed to needs to be in your provisioning profile which has a limited number of slots.
EDIT
The testfligt approch is no longer valid. You can now use the TestFlight integrated into itunesconnect. Alternatively you could integrate crashlytics.com, at use their distribution system. It works pretty weill