Tackling the Apple Enterprise program (How to distribute an in-house iOS app)

So, you’ve developed a beautiful application for your company or for a client. You want to distribute it via the Apple App Store so the company’s employees can download it and start using it. You’ve made absolutely sure that only the employees specifically given access to the app can actually use it – maybe they need a special code, maybe the login is admin-controlled. You submit the app for review in App Store Connect. And you get told something like this:

Guideline 3.2 – Business

We found that your app is an in-house app, intended for employees or members of your organization. As such, it is not appropriate for the App Store.

For information on distributing proprietary, in-house apps, please refer to the Apple Developer Enterprise Program.

So, you open up the Apple docs, you see something about paying Apple another $300 to be able to distribute your app, so you pay it – your employees need the app, after all.

Sadly, it does not stop there – as of the time of writing, Apple does not allow you to have 1 account with both regular App Store access and Enterprise provisioning profiles. You have to do a little dance with them so you can create a second account for your organisation that is specifically for In-House applications. This probably means you’ll have to create a new App ID for your app – after all, once an App ID is created, it can never be deleted.

Once you manage to set up your Apple Developer Enterprise account, you notice something – there is no App Store Connect link to be found!


This is because what the Apple Developer Enterprise account gives you is a new option for a Provisioning profile – an In-House profile. You go ahead and create that and sign your app with it, but now you need to figure out how to distribute the app, as there is no App Store you can make use of.


Here you have a few options, but I’ll go into detail on how to set up your own distribution. You will need to set up a web page with some specific links and files an iOS user will need. Here is what you will require:

  • An HTML page, hosted somewhere all your employees can reach, from which they download your app. This page can be as simple as a single link with a special format, or you can make it a bit prettier. To keep this example concise, here is a basic page with a link for your app:
    <!DOCTYPE html>
    <html lang="en">
        <body>
            <a href="itms-services://?action=download-manifest&url=https://some.secure-url.com/ios_download/Your_App.plist">Download App</a>
        </body>
    </html>

     

    Some important points here:
    • The &url= portion defines a link to a custom .plist file, the format of which I will describe below.
    • This link MUST be an HTTPS link, as otherwise iOS will not allow the redirection.
  • The custom .plist file you are redirecting to should be in the below format:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
        <dict>
            <key>items</key>
            <array>
                <dict>
                    <key>assets</key>
                    <array>
                        <dict>
                            <key>kind</key>
                            <string>software-package</string>
                            <key>url</key>
                            <string>https://some.secure-url.com/ios_download/Your_App.IPA.ipa</string>
                        </dict>
                    </array>
                    <key>metadata</key>
                    <dict>
                        <key>bundle-identifier</key>
                        <string>com.Your.App.Enterprise</string>
                        <key>bundle-version</key>
                        <string>1.0</string>
                        <key>kind</key>
                        <string>software</string>
                        <key>title</key>
                        <string>Your App</string>
                    </dict>
                </dict>
            </array>
        </dict>
    </plist>

     

    Some points here as well:
    • The “url” key should point to an HTTPS URL where your application’s IPA archive is hosted
    • Your “bundle-identifier” key MUST match your app’s Bundle Identifier
    • The “title” key will be seen when a user tries to install the app
  • After you have these 3 files – the HTML download page, the custom .plist file and the IPA, you need to host these at an HTTPS URL and provide the download page URL to your users.
  • Once a user tries to install your app, he will probably get the following prompt: 
  • After installing the app, the user may have to trust the app’s developer, namely, you. This has to be done if, upon trying to open your app, he gets the following message:
    [Screenshot: Untrusted Developer message]
  • To do that on the iPhone, the user has to go into Settings -> General -> Device Management, where he will have the option of trusting the Developer (in the example case we have here it would be “Enterprise Developer”).

After you have set up all of this, you only need to provide your users with some instructions on how to trust your app, then provide them with the download page above. As a result, you have set up your own way of distributing your app via your very own page, which you have to own and maintain. You will also have to manage the upload of your .ipa file when you make updates to the app, and create a mechanism to inform your users that an update is available – maybe through sending emails, maybe by popping up a notification in the app itself that a new version is available.
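Because a mistake in the manifest (a plain-HTTP IPA link, a bundle identifier that does not match the signed app) only shows up as a failed install on the device, it is worth checking the file before you upload it. The following is an added example, not part of the original post: the function names are hypothetical, the sample manifests are constructed from the placeholder URLs used above, and treating every metadata key as required is an assumption.

```python
import plistlib
from urllib.parse import urlsplit

def is_https(url):
    """True only for an absolute https:// URL that names a host."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)

def check_manifest(plist_bytes, expected_bundle_id):
    """Return a list of problems in the manifest; an empty list means OK."""
    items = plistlib.loads(plist_bytes).get("items") or []
    if not items:
        return ["manifest has no 'items' entries"]
    problems = []
    for i, item in enumerate(items):
        packages = [a for a in item.get("assets", [])
                    if a.get("kind") == "software-package"]
        if not packages:
            problems.append(f"item {i}: no software-package asset")
        for asset in packages:
            if not is_https(asset.get("url", "")):
                problems.append(f"item {i}: IPA url is not HTTPS: {asset.get('url')!r}")
        meta = item.get("metadata", {})
        if meta.get("bundle-identifier") != expected_bundle_id:
            problems.append(f"item {i}: bundle-identifier is "
                            f"{meta.get('bundle-identifier')!r}, expected {expected_bundle_id!r}")
        # Assumption: every metadata key in the page's manifest is treated as required.
        for key in ("bundle-version", "kind", "title"):
            if not meta.get(key):
                problems.append(f"item {i}: metadata is missing {key!r}")
    return problems

def install_link(manifest_url):
    """Build the download-page href in the format shown on the page."""
    if not is_https(manifest_url):
        raise ValueError("manifest URL must be HTTPS")
    return "itms-services://?action=download-manifest&url=" + manifest_url

def sample_manifest(ipa_url, bundle_id):
    """Constructed sample input mirroring the manifest shown above."""
    return plistlib.dumps({"items": [{
        "assets": [{"kind": "software-package", "url": ipa_url}],
        "metadata": {"bundle-identifier": bundle_id, "bundle-version": "1.0",
                     "kind": "software", "title": "Your App"}}]})

BASE = "some.secure-url.com/ios_download/Your_App.IPA.ipa"
GOOD = sample_manifest("https://" + BASE, "com.Your.App.Enterprise")
BAD = sample_manifest("http://" + BASE, "com.Your.App")  # two deliberate mistakes

if __name__ == "__main__":
    print(check_manifest(GOOD, "com.Your.App.Enterprise"))
    print(check_manifest(BAD, "com.Your.App.Enterprise"))
```

Run `check_manifest` against the real .plist bytes with the Bundle Identifier from your Xcode project as part of the upload step, and refuse to publish when the list is not empty.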

This is one possible approach to handle an In-House app, but there may be other ways of going around Apple’s restriction such as creating a Registration process in your app which would require validation from an admin before access is granted, or using a third-party distribution service.

 

This post was written by Konstantin Severi